Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-mnar-hq2z-q7dc

Summary

Multiple vulnerabilities have been found in Mozilla Firefox and
    Thunderbird the worst of which could lead to the execution of arbitrary
    code.

Aliases

alias	CVE-2016-5265

Fixed_packages

url	pkg:deb/debian/firefox@48.0-1?distro=sid
purl	pkg:deb/debian/firefox@48.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@48.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox-esr@45.3.0esr-1?distro=trixie
purl	pkg:deb/debian/firefox-esr@45.3.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@45.3.0esr-1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie

purl pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dw5-vpt8-zqbz

vulnerability	VCID-9ag7-z86d-nba9

vulnerability	VCID-qbzp-euvv-q7c7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@128.14.0esr-1~deb12u1?distro=trixie

purl pkg:deb/debian/firefox-esr@128.14.0esr-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f81v-9fv8-93cd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.14.0esr-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f81v-9fv8-93cd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.8.0esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.9.0esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.9.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5dw5-vpt8-zqbz

vulnerability	VCID-9ag7-z86d-nba9

vulnerability	VCID-f81v-9fv8-93cd

vulnerability	VCID-qbzp-euvv-q7c7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.0esr-1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.9.1esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.9.1esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f81v-9fv8-93cd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.9.1esr-1%3Fdistro=trixie

url	pkg:ebuild/mail-client/thunderbird@45.6.0
purl	pkg:ebuild/mail-client/thunderbird@45.6.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@45.6.0

url	pkg:ebuild/mail-client/thunderbird-bin@45.6.0
purl	pkg:ebuild/mail-client/thunderbird-bin@45.6.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird-bin@45.6.0

url	pkg:ebuild/www-client/firefox@45.6.0
purl	pkg:ebuild/www-client/firefox@45.6.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/firefox@45.6.0

url	pkg:ebuild/www-client/firefox-bin@45.6.0
purl	pkg:ebuild/www-client/firefox-bin@45.6.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/firefox-bin@45.6.0

url	pkg:mozilla/Firefox@48.0.0
purl	pkg:mozilla/Firefox@48.0.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@48.0.0

url	pkg:mozilla/Firefox%20ESR@45.3.0
purl	pkg:mozilla/Firefox%20ESR@45.3.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@45.3.0

Affected_packages

url pkg:rpm/redhat/firefox@45.3.0-1?arch=el7_2

purl pkg:rpm/redhat/firefox@45.3.0-1?arch=el7_2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7kf6-5a92-hfhk

vulnerability	VCID-8dmy-qa26-rbha

vulnerability	VCID-8y7u-dhmg-j3ch

vulnerability	VCID-935y-sfuq-qqgh

vulnerability	VCID-b4dv-raac-tkf1

vulnerability	VCID-c2kz-qw3v-eqbz

vulnerability	VCID-d9z7-npfz-53a8

vulnerability	VCID-eh1p-amew-hydf

vulnerability	VCID-fqmm-499j-nyc3

vulnerability	VCID-mnar-hq2z-q7dc

vulnerability	VCID-sg3s-971c-c3fy

vulnerability	VCID-wgxa-54sd-rqd6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@45.3.0-1%3Farch=el7_2

url pkg:rpm/redhat/firefox@45.3.0-1?arch=el6_8

purl pkg:rpm/redhat/firefox@45.3.0-1?arch=el6_8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7kf6-5a92-hfhk

vulnerability	VCID-8dmy-qa26-rbha

vulnerability	VCID-8y7u-dhmg-j3ch

vulnerability	VCID-935y-sfuq-qqgh

vulnerability	VCID-b4dv-raac-tkf1

vulnerability	VCID-c2kz-qw3v-eqbz

vulnerability	VCID-d9z7-npfz-53a8

vulnerability	VCID-eh1p-amew-hydf

vulnerability	VCID-fqmm-499j-nyc3

vulnerability	VCID-mnar-hq2z-q7dc

vulnerability	VCID-sg3s-971c-c3fy

vulnerability	VCID-wgxa-54sd-rqd6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@45.3.0-1%3Farch=el6_8

url pkg:rpm/redhat/firefox@45.3.0-1?arch=el5_11

purl pkg:rpm/redhat/firefox@45.3.0-1?arch=el5_11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7kf6-5a92-hfhk

vulnerability	VCID-8dmy-qa26-rbha

vulnerability	VCID-8y7u-dhmg-j3ch

vulnerability	VCID-935y-sfuq-qqgh

vulnerability	VCID-b4dv-raac-tkf1

vulnerability	VCID-c2kz-qw3v-eqbz

vulnerability	VCID-d9z7-npfz-53a8

vulnerability	VCID-eh1p-amew-hydf

vulnerability	VCID-fqmm-499j-nyc3

vulnerability	VCID-mnar-hq2z-q7dc

vulnerability	VCID-sg3s-971c-c3fy

vulnerability	VCID-wgxa-54sd-rqd6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@45.3.0-1%3Farch=el5_11

References

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1551.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1551.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5265.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5265.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-5265

reference_id

reference_type

scores

value	0.00261
scoring_system	epss
scoring_elements	0.49428
published_at	2026-04-01T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49524
published_at	2026-04-16T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49486
published_at	2026-04-09T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49503
published_at	2026-04-11T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49475
published_at	2026-04-12T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49477
published_at	2026-04-13T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49456
published_at	2026-04-02T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49483
published_at	2026-04-04T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49436
published_at	2026-04-07T12:55:00Z

value	0.00261
scoring_system	epss
scoring_elements	0.49491
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-5265

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1278013
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1278013

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	http://www.debian.org/security/2016/dsa-3640
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3640

reference_url	http://www.mozilla.org/security/announce/2016/mfsa2016-80.html
reference_id
reference_type
scores
url	http://www.mozilla.org/security/announce/2016/mfsa2016-80.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

reference_url	http://www.securityfocus.com/bid/92258
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/92258

reference_url	http://www.securitytracker.com/id/1036508
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1036508

reference_url	http://www.ubuntu.com/usn/USN-3044-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-3044-1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1361994
reference_id	1361994
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1361994

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:45.1.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:45.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:45.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:45.1.1:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:45.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:45.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:45.2.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:45.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:45.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:45.3.0:::::::*
reference_id	cpe:2.3:a:mozilla:firefox:45.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:45.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5.0:::::::*
reference_id	cpe:2.3:o:oracle:linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:::::::*
reference_id	cpe:2.3:o:oracle:linux:6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:::::::*
reference_id	cpe:2.3:o:oracle:linux:7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:::::::*

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5265
reference_id	CVE-2016-5265
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5265

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-5265

reference_id

CVE-2016-5265

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:N

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2016-5265

reference_url	https://security.gentoo.org/glsa/201701-15
reference_id	GLSA-201701-15
reference_type
scores
url	https://security.gentoo.org/glsa/201701-15

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-80

reference_id

mfsa2016-80

reference_type

scores

value	none
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-80

reference_url	https://access.redhat.com/errata/RHSA-2016:1551
reference_id	RHSA-2016:1551
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1551

reference_url	https://usn.ubuntu.com/3044-1/
reference_id	USN-3044-1
reference_type
scores
url	https://usn.ubuntu.com/3044-1/

Weaknesses

cwe_id	79
name	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description	The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

cwe_id	200
name	Exposure of Sensitive Information to an Unauthorized Actor
description	The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Exploits

Severity_range_score 4.0 - 5.8

Exploitability 0.5

Weighted_severity 5.0

Risk_score 2.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mnar-hq2z-q7dc

Vulnerability Instance