Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-bj98-wphr-5fah

Summary The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. *Note: this issue does not affect users with e10s enabled.*

Aliases

alias	CVE-2016-9902

Fixed_packages

url pkg:alpm/archlinux/firefox@50.1.0-1

purl pkg:alpm/archlinux/firefox@50.1.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5e5a-2swq-wbh6

vulnerability	VCID-64t6-34z5-mqba

vulnerability	VCID-7ksf-hcy4-8ugk

vulnerability	VCID-822t-e7ua-4qb2

vulnerability	VCID-8qs7-4h5u-hyb2

vulnerability	VCID-aqnj-36n2-tkc6

vulnerability	VCID-eftu-tjrg-6uek

vulnerability	VCID-j3vz-8t9n-1ffv

vulnerability	VCID-jhbp-whp4-ryew

vulnerability	VCID-kpeh-jaku-hbbz

vulnerability	VCID-m6f3-226e-c3am

vulnerability	VCID-p1w3-75ze-bqf5

vulnerability	VCID-p5g7-qz44-s3gg

vulnerability	VCID-qm8u-3h4y-aqcb

vulnerability	VCID-skr2-pp86-kfbu

vulnerability	VCID-ss8q-mzsn-mqe4

vulnerability	VCID-tmrp-cnz5-uyfj

vulnerability	VCID-tyf8-54m9-mkdn

vulnerability	VCID-u5hc-8gms-ryac

vulnerability	VCID-uf7r-j4v6-eubv

vulnerability	VCID-v13v-v8z6-ykg7

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1

url	pkg:apk/alpine/firefox-esr@45.6.0?arch=armhf&distroversion=v3.4&reponame=community
purl	pkg:apk/alpine/firefox-esr@45.6.0?arch=armhf&distroversion=v3.4&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@45.6.0%3Farch=armhf&distroversion=v3.4&reponame=community

url	pkg:apk/alpine/firefox-esr@45.6.0?arch=x86_64&distroversion=v3.4&reponame=community
purl	pkg:apk/alpine/firefox-esr@45.6.0?arch=x86_64&distroversion=v3.4&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@45.6.0%3Farch=x86_64&distroversion=v3.4&reponame=community

url	pkg:apk/alpine/firefox-esr@45.6.0?arch=x86&distroversion=v3.4&reponame=community
purl	pkg:apk/alpine/firefox-esr@45.6.0?arch=x86&distroversion=v3.4&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox-esr@45.6.0%3Farch=x86&distroversion=v3.4&reponame=community

url	pkg:deb/debian/firefox@50.1.0-1?distro=sid
purl	pkg:deb/debian/firefox@50.1.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.1.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@151.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@151.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox-esr@45.6.0esr-1?distro=trixie
purl	pkg:deb/debian/firefox-esr@45.6.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@45.6.0esr-1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gwvj-7ub4-c3g7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gwvj-7ub4-c3g7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gwvj-7ub4-c3g7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.11.0esr-1%3Fdistro=trixie

url	pkg:ebuild/mail-client/thunderbird@45.6.0
purl	pkg:ebuild/mail-client/thunderbird@45.6.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@45.6.0

url	pkg:ebuild/mail-client/thunderbird-bin@45.6.0
purl	pkg:ebuild/mail-client/thunderbird-bin@45.6.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird-bin@45.6.0

url	pkg:ebuild/www-client/firefox@45.6.0
purl	pkg:ebuild/www-client/firefox@45.6.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/firefox@45.6.0

url	pkg:ebuild/www-client/firefox-bin@45.6.0
purl	pkg:ebuild/www-client/firefox-bin@45.6.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/firefox-bin@45.6.0

Affected_packages

url pkg:alpm/archlinux/firefox@50.0.2-1

purl pkg:alpm/archlinux/firefox@50.0.2-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2hyb-jg9a-7ubd

vulnerability	VCID-2pag-6rkj-fkhg

vulnerability	VCID-4s11-9kg8-f7g4

vulnerability	VCID-5sn8-kb22-pfd7

vulnerability	VCID-bj98-wphr-5fah

vulnerability	VCID-buwh-quh8-mue4

vulnerability	VCID-etun-2vdg-jbaf

vulnerability	VCID-fp5h-mh19-q7fd

vulnerability	VCID-h6z3-5aru-xqah

vulnerability	VCID-jdz7-fp3u-myay

vulnerability	VCID-n491-sj66-c3ea

vulnerability	VCID-t9nu-4c6p-cbcb

vulnerability	VCID-ztzj-8jj3-dqcq

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0.2-1

url pkg:rpm/redhat/firefox@45.6.0-1?arch=el5_11

purl pkg:rpm/redhat/firefox@45.6.0-1?arch=el5_11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4s11-9kg8-f7g4

vulnerability	VCID-bj98-wphr-5fah

vulnerability	VCID-etun-2vdg-jbaf

vulnerability	VCID-fp5h-mh19-q7fd

vulnerability	VCID-h6z3-5aru-xqah

vulnerability	VCID-jdz7-fp3u-myay

vulnerability	VCID-mqxu-smxy-ayg1

vulnerability	VCID-n491-sj66-c3ea

vulnerability	VCID-t9nu-4c6p-cbcb

vulnerability	VCID-ztzj-8jj3-dqcq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@45.6.0-1%3Farch=el5_11

url pkg:rpm/redhat/firefox@45.6.0-1?arch=el6_8

purl pkg:rpm/redhat/firefox@45.6.0-1?arch=el6_8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4s11-9kg8-f7g4

vulnerability	VCID-bj98-wphr-5fah

vulnerability	VCID-etun-2vdg-jbaf

vulnerability	VCID-fp5h-mh19-q7fd

vulnerability	VCID-h6z3-5aru-xqah

vulnerability	VCID-jdz7-fp3u-myay

vulnerability	VCID-mqxu-smxy-ayg1

vulnerability	VCID-n491-sj66-c3ea

vulnerability	VCID-t9nu-4c6p-cbcb

vulnerability	VCID-ztzj-8jj3-dqcq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@45.6.0-1%3Farch=el6_8

url pkg:rpm/redhat/firefox@45.6.0-1?arch=el7_3

purl pkg:rpm/redhat/firefox@45.6.0-1?arch=el7_3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4s11-9kg8-f7g4

vulnerability	VCID-bj98-wphr-5fah

vulnerability	VCID-etun-2vdg-jbaf

vulnerability	VCID-fp5h-mh19-q7fd

vulnerability	VCID-h6z3-5aru-xqah

vulnerability	VCID-jdz7-fp3u-myay

vulnerability	VCID-mqxu-smxy-ayg1

vulnerability	VCID-n491-sj66-c3ea

vulnerability	VCID-t9nu-4c6p-cbcb

vulnerability	VCID-ztzj-8jj3-dqcq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@45.6.0-1%3Farch=el7_3

url pkg:rpm/redhat/thunderbird@45.6.0-1?arch=el5_11

purl pkg:rpm/redhat/thunderbird@45.6.0-1?arch=el5_11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4s11-9kg8-f7g4

vulnerability	VCID-bj98-wphr-5fah

vulnerability	VCID-etun-2vdg-jbaf

vulnerability	VCID-h6z3-5aru-xqah

vulnerability	VCID-jdz7-fp3u-myay

vulnerability	VCID-mqxu-smxy-ayg1

vulnerability	VCID-t9nu-4c6p-cbcb

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@45.6.0-1%3Farch=el5_11

url pkg:rpm/redhat/thunderbird@45.6.0-1?arch=el6_8

purl pkg:rpm/redhat/thunderbird@45.6.0-1?arch=el6_8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4s11-9kg8-f7g4

vulnerability	VCID-bj98-wphr-5fah

vulnerability	VCID-etun-2vdg-jbaf

vulnerability	VCID-h6z3-5aru-xqah

vulnerability	VCID-jdz7-fp3u-myay

vulnerability	VCID-mqxu-smxy-ayg1

vulnerability	VCID-t9nu-4c6p-cbcb

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@45.6.0-1%3Farch=el6_8

url pkg:rpm/redhat/thunderbird@45.6.0-1?arch=el7_3

purl pkg:rpm/redhat/thunderbird@45.6.0-1?arch=el7_3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4s11-9kg8-f7g4

vulnerability	VCID-bj98-wphr-5fah

vulnerability	VCID-etun-2vdg-jbaf

vulnerability	VCID-h6z3-5aru-xqah

vulnerability	VCID-jdz7-fp3u-myay

vulnerability	VCID-mqxu-smxy-ayg1

vulnerability	VCID-t9nu-4c6p-cbcb

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@45.6.0-1%3Farch=el7_3

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9902.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9902.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9902

reference_id

reference_type

scores

value	0.00411
scoring_system	epss
scoring_elements	0.61652
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9902

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1404359
reference_id	1404359
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1404359

reference_url	https://security.archlinux.org/ASA-201612-15
reference_id	ASA-201612-15
reference_type
scores
url	https://security.archlinux.org/ASA-201612-15

reference_url

https://security.archlinux.org/AVG-106

reference_id

AVG-106

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-106

reference_url	https://security.gentoo.org/glsa/201701-15
reference_id	GLSA-201701-15
reference_type
scores
url	https://security.gentoo.org/glsa/201701-15

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_id

mfsa2016-94

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-94

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_id

mfsa2016-95

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-95

reference_url	https://access.redhat.com/errata/RHSA-2016:2946
reference_id	RHSA-2016:2946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2946

reference_url	https://access.redhat.com/errata/RHSA-2016:2973
reference_id	RHSA-2016:2973
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2973

reference_url	https://usn.ubuntu.com/3155-1/
reference_id	USN-3155-1
reference_type
scores
url	https://usn.ubuntu.com/3155-1/

Weaknesses

Exploits

Severity_range_score 6.8 - 10.0

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bj98-wphr-5fah

Vulnerability Instance