Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:mozilla/Thunderbird@38.7.0

Type mozilla

Namespace

Name Thunderbird

Version 38.7.0

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 38.8.0

Latest_non_vulnerable_version 149.0.2

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-19cb-y1de-u3bn

vulnerability_id VCID-19cb-y1de-u3bn

summary

Multiple vulnerabilities have been found in Firefox, Thunderbird,
    Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with
    the worst of which may allow remote execution of arbitrary code.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1957.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1957.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-1957

reference_id

reference_type

scores

value	0.00355
scoring_system	epss
scoring_elements	0.57851
published_at	2026-04-16T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57713
published_at	2026-04-01T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57864
published_at	2026-04-11T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57843
published_at	2026-04-12T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57822
published_at	2026-04-13T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57797
published_at	2026-04-02T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57817
published_at	2026-04-04T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57791
published_at	2026-04-07T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57846
published_at	2026-04-08T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57848
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-1957

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1227052
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1227052

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1958
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1958

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1965
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1965

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802

reference_url	http://www.debian.org/security/2016/dsa-3510
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3510

reference_url	http://www.debian.org/security/2016/dsa-3520
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3520

reference_url	http://www.mozilla.org/security/announce/2016/mfsa2016-20.html
reference_id
reference_type
scores
url	http://www.mozilla.org/security/announce/2016/mfsa2016-20.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

reference_url	http://www.securitytracker.com/id/1035215
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035215

reference_url	http://www.ubuntu.com/usn/USN-2917-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-1

reference_url	http://www.ubuntu.com/usn/USN-2917-2
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-2

reference_url	http://www.ubuntu.com/usn/USN-2917-3
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-3

reference_url	http://www.ubuntu.com/usn/USN-2934-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2934-1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1315573
reference_id	1315573
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1315573

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.5:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.3.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.4.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:novell:suse_package_hub_for_suse_linux_enterprise:12:::::::*
reference_id	cpe:2.3:a:novell:suse_package_hub_for_suse_linux_enterprise:12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:novell:suse_package_hub_for_suse_linux_enterprise:12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5.0:::::::*
reference_id	cpe:2.3:o:oracle:linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:::::::*
reference_id	cpe:2.3:o:oracle:linux:6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:::::::*
reference_id	cpe:2.3:o:oracle:linux:7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-1957

reference_id

CVE-2016-1957

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://nvd.nist.gov/vuln/detail/CVE-2016-1957

reference_url	https://security.gentoo.org/glsa/201605-06
reference_id	GLSA-201605-06
reference_type
scores
url	https://security.gentoo.org/glsa/201605-06

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-20

reference_id

mfsa2016-20

reference_type

scores

value	low
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-20

reference_url	https://access.redhat.com/errata/RHSA-2016:0373
reference_id	RHSA-2016:0373
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0373

reference_url	https://access.redhat.com/errata/RHSA-2016:0460
reference_id	RHSA-2016:0460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0460

reference_url	https://usn.ubuntu.com/2917-1/
reference_id	USN-2917-1
reference_type
scores
url	https://usn.ubuntu.com/2917-1/

reference_url	https://usn.ubuntu.com/2934-1/
reference_id	USN-2934-1
reference_type
scores
url	https://usn.ubuntu.com/2934-1/

fixed_packages

url	pkg:mozilla/Thunderbird@38.7.0
purl	pkg:mozilla/Thunderbird@38.7.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.7.0

url	pkg:mozilla/Thunderbird@45.0.0
purl	pkg:mozilla/Thunderbird@45.0.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@45.0.0

aliases CVE-2016-1957

risk_score 1.9

exploitability 0.5

weighted_severity 3.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-19cb-y1de-u3bn

url VCID-5wqt-2dtu-8qa4

vulnerability_id VCID-5wqt-2dtu-8qa4

summary

Multiple vulnerabilities have been found in Firefox, Thunderbird,
    Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with
    the worst of which may allow remote execution of arbitrary code.

references

reference_url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-0495.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-0495.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1950.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1950.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-1950

reference_id

reference_type

scores

value	0.01867
scoring_system	epss
scoring_elements	0.83118
published_at	2026-04-16T12:55:00Z

value	0.01867
scoring_system	epss
scoring_elements	0.83014
published_at	2026-04-01T12:55:00Z

value	0.01867
scoring_system	epss
scoring_elements	0.83074
published_at	2026-04-09T12:55:00Z

value	0.01867
scoring_system	epss
scoring_elements	0.8309
published_at	2026-04-11T12:55:00Z

value	0.01867
scoring_system	epss
scoring_elements	0.83084
published_at	2026-04-12T12:55:00Z

value	0.01867
scoring_system	epss
scoring_elements	0.8308
published_at	2026-04-13T12:55:00Z

value	0.01867
scoring_system	epss
scoring_elements	0.83031
published_at	2026-04-02T12:55:00Z

value	0.01867
scoring_system	epss
scoring_elements	0.83044
published_at	2026-04-04T12:55:00Z

value	0.01867
scoring_system	epss
scoring_elements	0.83042
published_at	2026-04-07T12:55:00Z

value	0.01867
scoring_system	epss
scoring_elements	0.83067
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-1950

reference_url	https://bto.bluecoat.com/security-advisory/sa119
reference_id
reference_type
scores
url	https://bto.bluecoat.com/security-advisory/sa119

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1245528
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1245528

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1958
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1958

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1965
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1965

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802

reference_url	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes
reference_id
reference_type
scores
url	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes

reference_url	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes
reference_id
reference_type
scores
url	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://support.apple.com/HT206166
reference_id
reference_type
scores
url	https://support.apple.com/HT206166

reference_url	https://support.apple.com/HT206167
reference_id
reference_type
scores
url	https://support.apple.com/HT206167

reference_url	https://support.apple.com/HT206168
reference_id
reference_type
scores
url	https://support.apple.com/HT206168

reference_url	https://support.apple.com/HT206169
reference_id
reference_type
scores
url	https://support.apple.com/HT206169

reference_url	http://www.debian.org/security/2016/dsa-3510
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3510

reference_url	http://www.debian.org/security/2016/dsa-3520
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3520

reference_url	http://www.debian.org/security/2016/dsa-3688
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3688

reference_url	http://www.mozilla.org/security/announce/2016/mfsa2016-35.html
reference_id
reference_type
scores
url	http://www.mozilla.org/security/announce/2016/mfsa2016-35.html

reference_url	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

reference_url	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

reference_url	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

reference_url	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

reference_url	http://www.securityfocus.com/bid/84223
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/84223

reference_url	http://www.securitytracker.com/id/1035215
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035215

reference_url	http://www.ubuntu.com/usn/USN-2917-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-1

reference_url	http://www.ubuntu.com/usn/USN-2917-2
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-2

reference_url	http://www.ubuntu.com/usn/USN-2917-3
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-3

reference_url	http://www.ubuntu.com/usn/USN-2924-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2924-1

reference_url	http://www.ubuntu.com/usn/USN-2934-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2934-1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1310509
reference_id	1310509
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1310509

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.5:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.3.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.4.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:3.19.2:::::::*
reference_id	cpe:2.3:a:mozilla:network_security_services:3.19.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:3.19.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:3.20:::::::*
reference_id	cpe:2.3:a:mozilla:network_security_services:3.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:3.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:3.20.1:::::::*
reference_id	cpe:2.3:a:mozilla:network_security_services:3.20.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:3.20.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:3.21:::::::*
reference_id	cpe:2.3:a:mozilla:network_security_services:3.21:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:3.21:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:glassfish_server:2.1.1:::::::*
reference_id	cpe:2.3:a:oracle:glassfish_server:2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:glassfish_server:2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:iplanet_web_proxy_server:4.0:::::::*
reference_id	cpe:2.3:a:oracle:iplanet_web_proxy_server:4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:iplanet_web_proxy_server:4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:iplanet_web_server:7.0:::::::*
reference_id	cpe:2.3:a:oracle:iplanet_web_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:iplanet_web_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
reference_id	cpe:2.3:o:apple:iphone_os::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::
reference_id	cpe:2.3:o:apple:mac_os_x::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::
reference_id	cpe:2.3:o:apple:tvos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::
reference_id	cpe:2.3:o:apple:watchos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5.0:::::::*
reference_id	cpe:2.3:o:oracle:linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:::::::*
reference_id	cpe:2.3:o:oracle:linux:6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:::::::*
reference_id	cpe:2.3:o:oracle:linux:7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:vm_server:3.2:::::::*
reference_id	cpe:2.3:o:oracle:vm_server:3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:vm_server:3.2:::::::*

100

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-1950

reference_id

CVE-2016-1950

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-1950

101

reference_url	https://security.gentoo.org/glsa/201605-06
reference_id	GLSA-201605-06
reference_type
scores
url	https://security.gentoo.org/glsa/201605-06

102

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-35

reference_id

mfsa2016-35

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-35

103

reference_url	https://access.redhat.com/errata/RHSA-2016:0370
reference_id	RHSA-2016:0370
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0370

104

reference_url	https://access.redhat.com/errata/RHSA-2016:0371
reference_id	RHSA-2016:0371
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0371

105

reference_url	https://access.redhat.com/errata/RHSA-2016:0495
reference_id	RHSA-2016:0495
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0495

106

reference_url	https://usn.ubuntu.com/2917-1/
reference_id	USN-2917-1
reference_type
scores
url	https://usn.ubuntu.com/2917-1/

107

reference_url	https://usn.ubuntu.com/2924-1/
reference_id	USN-2924-1
reference_type
scores
url	https://usn.ubuntu.com/2924-1/

108

reference_url	https://usn.ubuntu.com/2934-1/
reference_id	USN-2934-1
reference_type
scores
url	https://usn.ubuntu.com/2934-1/

fixed_packages

url	pkg:mozilla/Thunderbird@38.7.0
purl	pkg:mozilla/Thunderbird@38.7.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.7.0

url	pkg:mozilla/Thunderbird@45.0.0
purl	pkg:mozilla/Thunderbird@45.0.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@45.0.0

aliases CVE-2016-1950

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5wqt-2dtu-8qa4

url VCID-94py-4f6r-gbf9

vulnerability_id VCID-94py-4f6r-gbf9

summary

Multiple vulnerabilities have been found in Firefox, Thunderbird,
    Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with
    the worst of which may allow remote execution of arbitrary code.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1952.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1952.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-1952

reference_id

reference_type

scores

value	0.00321
scoring_system	epss
scoring_elements	0.55193
published_at	2026-04-16T12:55:00Z

value	0.00321
scoring_system	epss
scoring_elements	0.5503
published_at	2026-04-01T12:55:00Z

value	0.00321
scoring_system	epss
scoring_elements	0.55191
published_at	2026-04-11T12:55:00Z

value	0.00321
scoring_system	epss
scoring_elements	0.55173
published_at	2026-04-12T12:55:00Z

value	0.00321
scoring_system	epss
scoring_elements	0.55154
published_at	2026-04-13T12:55:00Z

value	0.00321
scoring_system	epss
scoring_elements	0.55132
published_at	2026-04-02T12:55:00Z

value	0.00321
scoring_system	epss
scoring_elements	0.55155
published_at	2026-04-04T12:55:00Z

value	0.00321
scoring_system	epss
scoring_elements	0.5513
published_at	2026-04-07T12:55:00Z

value	0.00321
scoring_system	epss
scoring_elements	0.5518
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-1952

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1123661
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1123661

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1221872
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1221872

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1224979
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1224979

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1234578
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1234578

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1241217
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1241217

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1242279
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1242279

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1244250
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1244250

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1244995
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1244995

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1249685
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1249685

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1958
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1958

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1965
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1965

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802

reference_url	http://www.debian.org/security/2016/dsa-3510
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3510

reference_url	http://www.mozilla.org/security/announce/2016/mfsa2016-16.html
reference_id
reference_type
scores
url	http://www.mozilla.org/security/announce/2016/mfsa2016-16.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

reference_url	http://www.securitytracker.com/id/1035215
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035215

reference_url	http://www.ubuntu.com/usn/USN-2917-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-1

reference_url	http://www.ubuntu.com/usn/USN-2917-2
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-2

reference_url	http://www.ubuntu.com/usn/USN-2917-3
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-3

reference_url	http://www.ubuntu.com/usn/USN-2934-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2934-1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1315566
reference_id	1315566
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1315566

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.5:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.3.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.4.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:novell:suse_package_hub_for_suse_linux_enterprise:12:::::::*
reference_id	cpe:2.3:a:novell:suse_package_hub_for_suse_linux_enterprise:12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:novell:suse_package_hub_for_suse_linux_enterprise:12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5.0:::::::*
reference_id	cpe:2.3:o:oracle:linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:::::::*
reference_id	cpe:2.3:o:oracle:linux:6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:::::::*
reference_id	cpe:2.3:o:oracle:linux:7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-1952

reference_id

CVE-2016-1952

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-1952

reference_url	https://security.gentoo.org/glsa/201605-06
reference_id	GLSA-201605-06
reference_type
scores
url	https://security.gentoo.org/glsa/201605-06

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-16

reference_id

mfsa2016-16

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-16

reference_url	https://access.redhat.com/errata/RHSA-2016:0373
reference_id	RHSA-2016:0373
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0373

reference_url	https://access.redhat.com/errata/RHSA-2016:0460
reference_id	RHSA-2016:0460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0460

reference_url	https://usn.ubuntu.com/2917-1/
reference_id	USN-2917-1
reference_type
scores
url	https://usn.ubuntu.com/2917-1/

reference_url	https://usn.ubuntu.com/2934-1/
reference_id	USN-2934-1
reference_type
scores
url	https://usn.ubuntu.com/2934-1/

fixed_packages

url	pkg:mozilla/Thunderbird@38.7.0
purl	pkg:mozilla/Thunderbird@38.7.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.7.0

url	pkg:mozilla/Thunderbird@45.0.0
purl	pkg:mozilla/Thunderbird@45.0.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@45.0.0

aliases CVE-2016-1952

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-94py-4f6r-gbf9

url VCID-jfw1-18np-47b8

vulnerability_id VCID-jfw1-18np-47b8

summary

Multiple vulnerabilities have been found in Firefox, Thunderbird,
    Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with
    the worst of which may allow remote execution of arbitrary code.

references

reference_url	http://hg.mozilla.org/releases/mozilla-release/rev/b208427885d3
reference_id
reference_type
scores
url	http://hg.mozilla.org/releases/mozilla-release/rev/b208427885d3

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1961.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1961.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-1961

reference_id

reference_type

scores

value	0.00749
scoring_system	epss
scoring_elements	0.73155
published_at	2026-04-16T12:55:00Z

value	0.00749
scoring_system	epss
scoring_elements	0.7306
published_at	2026-04-01T12:55:00Z

value	0.00749
scoring_system	epss
scoring_elements	0.73139
published_at	2026-04-11T12:55:00Z

value	0.00749
scoring_system	epss
scoring_elements	0.73119
published_at	2026-04-12T12:55:00Z

value	0.00749
scoring_system	epss
scoring_elements	0.73112
published_at	2026-04-13T12:55:00Z

value	0.00749
scoring_system	epss
scoring_elements	0.73069
published_at	2026-04-02T12:55:00Z

value	0.00749
scoring_system	epss
scoring_elements	0.7309
published_at	2026-04-04T12:55:00Z

value	0.00749
scoring_system	epss
scoring_elements	0.73064
published_at	2026-04-07T12:55:00Z

value	0.00749
scoring_system	epss
scoring_elements	0.73101
published_at	2026-04-08T12:55:00Z

value	0.00749
scoring_system	epss
scoring_elements	0.73114
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-1961

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1249377
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1249377

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1958
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1958

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1965
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1965

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802

reference_url	http://www.debian.org/security/2016/dsa-3510
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3510

reference_url	http://www.debian.org/security/2016/dsa-3520
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3520

reference_url	http://www.mozilla.org/security/announce/2016/mfsa2016-24.html
reference_id
reference_type
scores
url	http://www.mozilla.org/security/announce/2016/mfsa2016-24.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

reference_url	http://www.securitytracker.com/id/1035215
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035215

reference_url	http://www.ubuntu.com/usn/USN-2917-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-1

reference_url	http://www.ubuntu.com/usn/USN-2917-2
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-2

reference_url	http://www.ubuntu.com/usn/USN-2917-3
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-3

reference_url	http://www.ubuntu.com/usn/USN-2934-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2934-1

reference_url	http://zerodayinitiative.com/advisories/ZDI-16-199/
reference_id
reference_type
scores
url	http://zerodayinitiative.com/advisories/ZDI-16-199/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1315577
reference_id	1315577
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1315577

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.5:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.3.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.4.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5.0:::::::*
reference_id	cpe:2.3:o:oracle:linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:::::::*
reference_id	cpe:2.3:o:oracle:linux:6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:::::::*
reference_id	cpe:2.3:o:oracle:linux:7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:::::::*
reference_id	cpe:2.3:o:suse:linux_enterprise:12.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-1961

reference_id

CVE-2016-1961

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-1961

reference_url	https://security.gentoo.org/glsa/201605-06
reference_id	GLSA-201605-06
reference_type
scores
url	https://security.gentoo.org/glsa/201605-06

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-24

reference_id

mfsa2016-24

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-24

reference_url	https://access.redhat.com/errata/RHSA-2016:0373
reference_id	RHSA-2016:0373
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0373

reference_url	https://access.redhat.com/errata/RHSA-2016:0460
reference_id	RHSA-2016:0460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0460

reference_url	https://usn.ubuntu.com/2917-1/
reference_id	USN-2917-1
reference_type
scores
url	https://usn.ubuntu.com/2917-1/

reference_url	https://usn.ubuntu.com/2934-1/
reference_id	USN-2934-1
reference_type
scores
url	https://usn.ubuntu.com/2934-1/

fixed_packages

url	pkg:mozilla/Thunderbird@38.7.0
purl	pkg:mozilla/Thunderbird@38.7.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.7.0

url	pkg:mozilla/Thunderbird@45.0.0
purl	pkg:mozilla/Thunderbird@45.0.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@45.0.0

aliases CVE-2016-1961

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jfw1-18np-47b8

url VCID-js15-jev6-6fbs

vulnerability_id VCID-js15-jev6-6fbs

summary

Multiple vulnerabilities have been found in Firefox, Thunderbird,
    Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with
    the worst of which may allow remote execution of arbitrary code.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1960.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1960.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-1960

reference_id

reference_type

scores

value	0.87057
scoring_system	epss
scoring_elements	0.99444
published_at	2026-04-16T12:55:00Z

value	0.87057
scoring_system	epss
scoring_elements	0.99436
published_at	2026-04-01T12:55:00Z

value	0.87057
scoring_system	epss
scoring_elements	0.9944
published_at	2026-04-11T12:55:00Z

value	0.87057
scoring_system	epss
scoring_elements	0.99441
published_at	2026-04-12T12:55:00Z

value	0.87057
scoring_system	epss
scoring_elements	0.99442
published_at	2026-04-13T12:55:00Z

value	0.87057
scoring_system	epss
scoring_elements	0.99435
published_at	2026-04-02T12:55:00Z

value	0.87057
scoring_system	epss
scoring_elements	0.99437
published_at	2026-04-07T12:55:00Z

value	0.87057
scoring_system	epss
scoring_elements	0.99439
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-1960

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1246014
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1246014

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1958
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1958

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1965
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1965

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802

reference_url	https://www.exploit-db.com/exploits/42484/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/42484/

reference_url	https://www.exploit-db.com/exploits/44294/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/44294/

reference_url	http://www.debian.org/security/2016/dsa-3510
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3510

reference_url	http://www.debian.org/security/2016/dsa-3520
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3520

reference_url	http://www.mozilla.org/security/announce/2016/mfsa2016-23.html
reference_id
reference_type
scores
url	http://www.mozilla.org/security/announce/2016/mfsa2016-23.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

reference_url	http://www.securitytracker.com/id/1035215
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035215

reference_url	http://www.ubuntu.com/usn/USN-2917-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-1

reference_url	http://www.ubuntu.com/usn/USN-2917-2
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-2

reference_url	http://www.ubuntu.com/usn/USN-2917-3
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-3

reference_url	http://www.ubuntu.com/usn/USN-2934-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2934-1

reference_url	http://zerodayinitiative.com/advisories/ZDI-16-198/
reference_id
reference_type
scores
url	http://zerodayinitiative.com/advisories/ZDI-16-198/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1315576
reference_id	1315576
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1315576

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.5:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.3.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.4.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5.0:::::::*
reference_id	cpe:2.3:o:oracle:linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:::::::*
reference_id	cpe:2.3:o:oracle:linux:6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:::::::*
reference_id	cpe:2.3:o:oracle:linux:7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:::::::*
reference_id	cpe:2.3:o:suse:linux_enterprise:12.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:::::::*

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/42484.html
reference_id	CVE-2016-1960
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/42484.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-1960

reference_id

CVE-2016-1960

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-1960

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/44294.html
reference_id	CVE-2017-5375;CVE-2016-1960
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/44294.html

reference_url	https://security.gentoo.org/glsa/201605-06
reference_id	GLSA-201605-06
reference_type
scores
url	https://security.gentoo.org/glsa/201605-06

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-23

reference_id

mfsa2016-23

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-23

reference_url	https://access.redhat.com/errata/RHSA-2016:0373
reference_id	RHSA-2016:0373
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0373

reference_url	https://access.redhat.com/errata/RHSA-2016:0460
reference_id	RHSA-2016:0460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0460

reference_url	https://usn.ubuntu.com/2917-1/
reference_id	USN-2917-1
reference_type
scores
url	https://usn.ubuntu.com/2917-1/

reference_url	https://usn.ubuntu.com/2934-1/
reference_id	USN-2934-1
reference_type
scores
url	https://usn.ubuntu.com/2934-1/

fixed_packages

url	pkg:mozilla/Thunderbird@38.7.0
purl	pkg:mozilla/Thunderbird@38.7.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.7.0

url	pkg:mozilla/Thunderbird@45.0.0
purl	pkg:mozilla/Thunderbird@45.0.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@45.0.0

aliases CVE-2016-1960

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-js15-jev6-6fbs

url VCID-k131-mfqm-dka9

vulnerability_id VCID-k131-mfqm-dka9

summary

Multiple vulnerabilities have been found in Graphite, the worst of
    which could lead to the remote execution of arbitrary code.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1977.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1977.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-1977

reference_id

reference_type

scores

value	0.00701
scoring_system	epss
scoring_elements	0.72071
published_at	2026-04-16T12:55:00Z

value	0.00701
scoring_system	epss
scoring_elements	0.71984
published_at	2026-04-01T12:55:00Z

value	0.00701
scoring_system	epss
scoring_elements	0.72062
published_at	2026-04-11T12:55:00Z

value	0.00701
scoring_system	epss
scoring_elements	0.72046
published_at	2026-04-12T12:55:00Z

value	0.00701
scoring_system	epss
scoring_elements	0.72031
published_at	2026-04-13T12:55:00Z

value	0.00701
scoring_system	epss
scoring_elements	0.71991
published_at	2026-04-02T12:55:00Z

value	0.00701
scoring_system	epss
scoring_elements	0.72011
published_at	2026-04-04T12:55:00Z

value	0.00701
scoring_system	epss
scoring_elements	0.71987
published_at	2026-04-07T12:55:00Z

value	0.00701
scoring_system	epss
scoring_elements	0.72026
published_at	2026-04-08T12:55:00Z

value	0.00701
scoring_system	epss
scoring_elements	0.72038
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-1977

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1248876
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1248876

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1958
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1958

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1965
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1965

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1969
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1969

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802

reference_url	http://www.debian.org/security/2016/dsa-3510
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3510

reference_url	http://www.debian.org/security/2016/dsa-3515
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3515

reference_url	http://www.debian.org/security/2016/dsa-3520
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3520

reference_url	http://www.mozilla.org/security/announce/2016/mfsa2016-37.html
reference_id
reference_type
scores
url	http://www.mozilla.org/security/announce/2016/mfsa2016-37.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

reference_url	http://www.securityfocus.com/bid/84222
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/84222

reference_url	http://www.securitytracker.com/id/1035215
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035215

reference_url	http://www.ubuntu.com/usn/USN-2917-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-1

reference_url	http://www.ubuntu.com/usn/USN-2917-2
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-2

reference_url	http://www.ubuntu.com/usn/USN-2917-3
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-3

reference_url	http://www.ubuntu.com/usn/USN-2927-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2927-1

reference_url	http://www.ubuntu.com/usn/USN-2934-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2934-1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1315795
reference_id	1315795
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1315795

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.5:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.3.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.4.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sil:graphite2::::::::
reference_id	cpe:2.3:a:sil:graphite2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sil:graphite2::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5.0:::::::*
reference_id	cpe:2.3:o:oracle:linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:::::::*
reference_id	cpe:2.3:o:oracle:linux:6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:::::::*
reference_id	cpe:2.3:o:oracle:linux:7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:::::::*
reference_id	cpe:2.3:o:suse:linux_enterprise:12.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-1977

reference_id

CVE-2016-1977

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-1977

reference_url	https://security.gentoo.org/glsa/201605-06
reference_id	GLSA-201605-06
reference_type
scores
url	https://security.gentoo.org/glsa/201605-06

reference_url	https://security.gentoo.org/glsa/201701-63
reference_id	GLSA-201701-63
reference_type
scores
url	https://security.gentoo.org/glsa/201701-63

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-37

reference_id

mfsa2016-37

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-37

reference_url	https://access.redhat.com/errata/RHSA-2016:0373
reference_id	RHSA-2016:0373
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0373

reference_url	https://access.redhat.com/errata/RHSA-2016:0460
reference_id	RHSA-2016:0460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0460

reference_url	https://usn.ubuntu.com/2917-1/
reference_id	USN-2917-1
reference_type
scores
url	https://usn.ubuntu.com/2917-1/

reference_url	https://usn.ubuntu.com/2927-1/
reference_id	USN-2927-1
reference_type
scores
url	https://usn.ubuntu.com/2927-1/

reference_url	https://usn.ubuntu.com/2934-1/
reference_id	USN-2934-1
reference_type
scores
url	https://usn.ubuntu.com/2934-1/

fixed_packages

url	pkg:mozilla/Thunderbird@38.7.0
purl	pkg:mozilla/Thunderbird@38.7.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.7.0

url	pkg:mozilla/Thunderbird@45.0.0
purl	pkg:mozilla/Thunderbird@45.0.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@45.0.0

aliases CVE-2016-1977

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k131-mfqm-dka9

url VCID-qtp4-ada6-tydd

vulnerability_id VCID-qtp4-ada6-tydd

summary

Multiple vulnerabilities have been found in Firefox, Thunderbird,
    Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with
    the worst of which may allow remote execution of arbitrary code.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1974.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1974.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-1974

reference_id

reference_type

scores

value	0.00493
scoring_system	epss
scoring_elements	0.6575
published_at	2026-04-16T12:55:00Z

value	0.00493
scoring_system	epss
scoring_elements	0.6563
published_at	2026-04-01T12:55:00Z

value	0.00493
scoring_system	epss
scoring_elements	0.65759
published_at	2026-04-11T12:55:00Z

value	0.00493
scoring_system	epss
scoring_elements	0.65744
published_at	2026-04-12T12:55:00Z

value	0.00493
scoring_system	epss
scoring_elements	0.65715
published_at	2026-04-13T12:55:00Z

value	0.00493
scoring_system	epss
scoring_elements	0.65679
published_at	2026-04-02T12:55:00Z

value	0.00493
scoring_system	epss
scoring_elements	0.65709
published_at	2026-04-04T12:55:00Z

value	0.00493
scoring_system	epss
scoring_elements	0.65675
published_at	2026-04-07T12:55:00Z

value	0.00493
scoring_system	epss
scoring_elements	0.65726
published_at	2026-04-08T12:55:00Z

value	0.00493
scoring_system	epss
scoring_elements	0.65738
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-1974

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1228103
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1228103

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1958
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1958

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1965
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1965

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802

reference_url	http://www.debian.org/security/2016/dsa-3510
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3510

reference_url	http://www.debian.org/security/2016/dsa-3520
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3520

reference_url	http://www.mozilla.org/security/announce/2016/mfsa2016-34.html
reference_id
reference_type
scores
url	http://www.mozilla.org/security/announce/2016/mfsa2016-34.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

reference_url	http://www.securitytracker.com/id/1035215
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035215

reference_url	http://www.ubuntu.com/usn/USN-2917-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-1

reference_url	http://www.ubuntu.com/usn/USN-2917-2
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-2

reference_url	http://www.ubuntu.com/usn/USN-2917-3
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-3

reference_url	http://www.ubuntu.com/usn/USN-2934-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2934-1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1315785
reference_id	1315785
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1315785

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.5:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.3.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.4.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5.0:::::::*
reference_id	cpe:2.3:o:oracle:linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:::::::*
reference_id	cpe:2.3:o:oracle:linux:6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:::::::*
reference_id	cpe:2.3:o:oracle:linux:7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:::::::*
reference_id	cpe:2.3:o:suse:linux_enterprise:12.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-1974

reference_id

CVE-2016-1974

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-1974

reference_url	https://security.gentoo.org/glsa/201605-06
reference_id	GLSA-201605-06
reference_type
scores
url	https://security.gentoo.org/glsa/201605-06

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-34

reference_id

mfsa2016-34

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-34

reference_url	https://access.redhat.com/errata/RHSA-2016:0373
reference_id	RHSA-2016:0373
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0373

reference_url	https://access.redhat.com/errata/RHSA-2016:0460
reference_id	RHSA-2016:0460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0460

reference_url	https://usn.ubuntu.com/2917-1/
reference_id	USN-2917-1
reference_type
scores
url	https://usn.ubuntu.com/2917-1/

reference_url	https://usn.ubuntu.com/2934-1/
reference_id	USN-2934-1
reference_type
scores
url	https://usn.ubuntu.com/2934-1/

fixed_packages

url	pkg:mozilla/Thunderbird@38.7.0
purl	pkg:mozilla/Thunderbird@38.7.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.7.0

url	pkg:mozilla/Thunderbird@45.0.0
purl	pkg:mozilla/Thunderbird@45.0.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@45.0.0

aliases CVE-2016-1974

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qtp4-ada6-tydd

url VCID-rsda-j27d-8bdc

vulnerability_id VCID-rsda-j27d-8bdc

summary

Multiple vulnerabilities have been found in Firefox, Thunderbird,
    Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with
    the worst of which may allow remote execution of arbitrary code.

references

reference_url	http://hg.mozilla.org/releases/mozilla-release/rev/5154bb929236
reference_id
reference_type
scores
url	http://hg.mozilla.org/releases/mozilla-release/rev/5154bb929236

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1954.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1954.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-1954

reference_id

reference_type

scores

value	0.02706
scoring_system	epss
scoring_elements	0.8591
published_at	2026-04-16T12:55:00Z

value	0.02706
scoring_system	epss
scoring_elements	0.85825
published_at	2026-04-01T12:55:00Z

value	0.02706
scoring_system	epss
scoring_elements	0.85901
published_at	2026-04-11T12:55:00Z

value	0.02706
scoring_system	epss
scoring_elements	0.85898
published_at	2026-04-12T12:55:00Z

value	0.02706
scoring_system	epss
scoring_elements	0.85892
published_at	2026-04-13T12:55:00Z

value	0.02706
scoring_system	epss
scoring_elements	0.85836
published_at	2026-04-02T12:55:00Z

value	0.02706
scoring_system	epss
scoring_elements	0.85854
published_at	2026-04-04T12:55:00Z

value	0.02706
scoring_system	epss
scoring_elements	0.85858
published_at	2026-04-07T12:55:00Z

value	0.02706
scoring_system	epss
scoring_elements	0.85876
published_at	2026-04-08T12:55:00Z

value	0.02706
scoring_system	epss
scoring_elements	0.85886
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-1954

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1243178
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1243178

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1958
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1958

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1965
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1965

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802

reference_url	http://www.debian.org/security/2016/dsa-3510
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3510

reference_url	http://www.debian.org/security/2016/dsa-3520
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3520

reference_url	http://www.mozilla.org/security/announce/2016/mfsa2016-17.html
reference_id
reference_type
scores
url	http://www.mozilla.org/security/announce/2016/mfsa2016-17.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

reference_url	http://www.securitytracker.com/id/1035215
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035215

reference_url	http://www.ubuntu.com/usn/USN-2917-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-1

reference_url	http://www.ubuntu.com/usn/USN-2917-2
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-2

reference_url	http://www.ubuntu.com/usn/USN-2917-3
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-3

reference_url	http://www.ubuntu.com/usn/USN-2934-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2934-1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1315569
reference_id	1315569
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1315569

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.5:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.3.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.4.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:novell:suse_package_hub_for_suse_linux_enterprise:12:::::::*
reference_id	cpe:2.3:a:novell:suse_package_hub_for_suse_linux_enterprise:12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:novell:suse_package_hub_for_suse_linux_enterprise:12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5.0:::::::*
reference_id	cpe:2.3:o:oracle:linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:::::::*
reference_id	cpe:2.3:o:oracle:linux:6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:::::::*
reference_id	cpe:2.3:o:oracle:linux:7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-1954

reference_id

CVE-2016-1954

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-1954

reference_url	https://security.gentoo.org/glsa/201605-06
reference_id	GLSA-201605-06
reference_type
scores
url	https://security.gentoo.org/glsa/201605-06

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-17

reference_id

mfsa2016-17

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-17

reference_url	https://access.redhat.com/errata/RHSA-2016:0373
reference_id	RHSA-2016:0373
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0373

reference_url	https://access.redhat.com/errata/RHSA-2016:0460
reference_id	RHSA-2016:0460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0460

reference_url	https://usn.ubuntu.com/2917-1/
reference_id	USN-2917-1
reference_type
scores
url	https://usn.ubuntu.com/2917-1/

reference_url	https://usn.ubuntu.com/2934-1/
reference_id	USN-2934-1
reference_type
scores
url	https://usn.ubuntu.com/2934-1/

fixed_packages

url	pkg:mozilla/Thunderbird@38.7.0
purl	pkg:mozilla/Thunderbird@38.7.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.7.0

url	pkg:mozilla/Thunderbird@45.0.0
purl	pkg:mozilla/Thunderbird@45.0.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@45.0.0

aliases CVE-2016-1954

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rsda-j27d-8bdc

url VCID-ut8d-5w7x-4qg2

vulnerability_id VCID-ut8d-5w7x-4qg2

summary

Multiple vulnerabilities have been found in Firefox, Thunderbird,
    Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with
    the worst of which may allow remote execution of arbitrary code.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1964.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1964.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-1964

reference_id

reference_type

scores

value	0.00701
scoring_system	epss
scoring_elements	0.72071
published_at	2026-04-16T12:55:00Z

value	0.00701
scoring_system	epss
scoring_elements	0.71984
published_at	2026-04-01T12:55:00Z

value	0.00701
scoring_system	epss
scoring_elements	0.72062
published_at	2026-04-11T12:55:00Z

value	0.00701
scoring_system	epss
scoring_elements	0.72046
published_at	2026-04-12T12:55:00Z

value	0.00701
scoring_system	epss
scoring_elements	0.72031
published_at	2026-04-13T12:55:00Z

value	0.00701
scoring_system	epss
scoring_elements	0.71991
published_at	2026-04-02T12:55:00Z

value	0.00701
scoring_system	epss
scoring_elements	0.72011
published_at	2026-04-04T12:55:00Z

value	0.00701
scoring_system	epss
scoring_elements	0.71987
published_at	2026-04-07T12:55:00Z

value	0.00701
scoring_system	epss
scoring_elements	0.72026
published_at	2026-04-08T12:55:00Z

value	0.00701
scoring_system	epss
scoring_elements	0.72038
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-1964

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1243335
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1243335

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1958
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1958

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1965
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1965

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802

reference_url	http://www.debian.org/security/2016/dsa-3510
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3510

reference_url	http://www.debian.org/security/2016/dsa-3520
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3520

reference_url	http://www.mozilla.org/security/announce/2016/mfsa2016-27.html
reference_id
reference_type
scores
url	http://www.mozilla.org/security/announce/2016/mfsa2016-27.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

reference_url	http://www.securitytracker.com/id/1035215
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035215

reference_url	http://www.ubuntu.com/usn/USN-2917-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-1

reference_url	http://www.ubuntu.com/usn/USN-2917-2
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-2

reference_url	http://www.ubuntu.com/usn/USN-2917-3
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-3

reference_url	http://www.ubuntu.com/usn/USN-2934-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2934-1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1315774
reference_id	1315774
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1315774

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.5:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.3.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.4.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5.0:::::::*
reference_id	cpe:2.3:o:oracle:linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:::::::*
reference_id	cpe:2.3:o:oracle:linux:6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:::::::*
reference_id	cpe:2.3:o:oracle:linux:7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:::::::*
reference_id	cpe:2.3:o:suse:linux_enterprise:12.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-1964

reference_id

CVE-2016-1964

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-1964

reference_url	https://security.gentoo.org/glsa/201605-06
reference_id	GLSA-201605-06
reference_type
scores
url	https://security.gentoo.org/glsa/201605-06

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-27

reference_id

mfsa2016-27

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-27

reference_url	https://access.redhat.com/errata/RHSA-2016:0373
reference_id	RHSA-2016:0373
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0373

reference_url	https://access.redhat.com/errata/RHSA-2016:0460
reference_id	RHSA-2016:0460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0460

reference_url	https://usn.ubuntu.com/2917-1/
reference_id	USN-2917-1
reference_type
scores
url	https://usn.ubuntu.com/2917-1/

reference_url	https://usn.ubuntu.com/2934-1/
reference_id	USN-2934-1
reference_type
scores
url	https://usn.ubuntu.com/2934-1/

fixed_packages

url	pkg:mozilla/Thunderbird@38.7.0
purl	pkg:mozilla/Thunderbird@38.7.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.7.0

url	pkg:mozilla/Thunderbird@45.0.0
purl	pkg:mozilla/Thunderbird@45.0.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@45.0.0

aliases CVE-2016-1964

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ut8d-5w7x-4qg2

url VCID-z4ad-5vm8-t3g2

vulnerability_id VCID-z4ad-5vm8-t3g2

summary

Multiple vulnerabilities have been found in Firefox, Thunderbird,
    Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with
    the worst of which may allow remote execution of arbitrary code.

references

reference_url	http://hg.mozilla.org/releases/mozilla-release/rev/f0d2911a9a4e
reference_id
reference_type
scores
url	http://hg.mozilla.org/releases/mozilla-release/rev/f0d2911a9a4e

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1966.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1966.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-1966

reference_id

reference_type

scores

value	0.00797
scoring_system	epss
scoring_elements	0.74042
published_at	2026-04-16T12:55:00Z

value	0.00797
scoring_system	epss
scoring_elements	0.73955
published_at	2026-04-01T12:55:00Z

value	0.00797
scoring_system	epss
scoring_elements	0.74028
published_at	2026-04-11T12:55:00Z

value	0.00797
scoring_system	epss
scoring_elements	0.7401
published_at	2026-04-12T12:55:00Z

value	0.00797
scoring_system	epss
scoring_elements	0.74003
published_at	2026-04-13T12:55:00Z

value	0.00797
scoring_system	epss
scoring_elements	0.73962
published_at	2026-04-02T12:55:00Z

value	0.00797
scoring_system	epss
scoring_elements	0.73987
published_at	2026-04-04T12:55:00Z

value	0.00797
scoring_system	epss
scoring_elements	0.73958
published_at	2026-04-07T12:55:00Z

value	0.00797
scoring_system	epss
scoring_elements	0.73992
published_at	2026-04-08T12:55:00Z

value	0.00797
scoring_system	epss
scoring_elements	0.74006
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-1966

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1246054
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1246054

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1958
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1958

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1965
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1965

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802

reference_url	http://www.debian.org/security/2016/dsa-3510
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3510

reference_url	http://www.debian.org/security/2016/dsa-3520
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3520

reference_url	http://www.mozilla.org/security/announce/2016/mfsa2016-31.html
reference_id
reference_type
scores
url	http://www.mozilla.org/security/announce/2016/mfsa2016-31.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

reference_url	http://www.securitytracker.com/id/1035215
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035215

reference_url	http://www.ubuntu.com/usn/USN-2917-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-1

reference_url	http://www.ubuntu.com/usn/USN-2917-2
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-2

reference_url	http://www.ubuntu.com/usn/USN-2917-3
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2917-3

reference_url	http://www.ubuntu.com/usn/USN-2934-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2934-1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1315778
reference_id	1315778
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1315778

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.5:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.3.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.4.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:38.6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5.0:::::::*
reference_id	cpe:2.3:o:oracle:linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:::::::*
reference_id	cpe:2.3:o:oracle:linux:6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:::::::*
reference_id	cpe:2.3:o:oracle:linux:7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-1966

reference_id

CVE-2016-1966

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-1966

reference_url	https://security.gentoo.org/glsa/201605-06
reference_id	GLSA-201605-06
reference_type
scores
url	https://security.gentoo.org/glsa/201605-06

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-31

reference_id

mfsa2016-31

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-31

reference_url	https://access.redhat.com/errata/RHSA-2016:0373
reference_id	RHSA-2016:0373
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0373

reference_url	https://access.redhat.com/errata/RHSA-2016:0460
reference_id	RHSA-2016:0460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0460

reference_url	https://usn.ubuntu.com/2917-1/
reference_id	USN-2917-1
reference_type
scores
url	https://usn.ubuntu.com/2917-1/

reference_url	https://usn.ubuntu.com/2934-1/
reference_id	USN-2934-1
reference_type
scores
url	https://usn.ubuntu.com/2934-1/

fixed_packages

url	pkg:mozilla/Thunderbird@38.7.0
purl	pkg:mozilla/Thunderbird@38.7.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.7.0

aliases CVE-2016-1966

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z4ad-5vm8-t3g2

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.7.0

Package Instance