VulnerableCode Package Details - pkg:alpm/archlinux/firefox@50.0-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-avw6-7aqv-hbaa Aliases: CVE-2016-9079	Multiple vulnerabilities have been found in Mozilla SeaMonkey, the worst of which could lead to the remote execution of arbitrary code.	50.0.2-1 Affected by 13 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-fmub-ph5x-pbdu Aliases: CVE-2016-9078	Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. Note: This issue only affects Firefox 49 and 50.	50.0.2-1 Affected by 13 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-avw6-7aqv-hbaa
Aliases:
CVE-2016-9079

Multiple vulnerabilities have been found in Mozilla SeaMonkey, the worst of which could lead to the remote execution of arbitrary code.

50.0.2-1
Affected by 13 other vulnerabilities.

VCID-fmub-ph5x-pbdu
Aliases:
CVE-2016-9078

Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. *Note: This issue only affects Firefox 49 and 50.*

50.0.2-1
Affected by 13 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3dea-vjmc-b7eb	Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code.	CVE-2016-5297
VCID-47dr-szw4-ryfr	During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash.	CVE-2016-5292
VCID-545u-wnrj-z3dh	Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code.	CVE-2016-5291
VCID-6cde-35h4-vqaj	An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission.	CVE-2016-9075
VCID-6pk2-g77j-h3b2	An integer overflow during the parsing of XML using the Expat library.	CVE-2016-9063
VCID-9gcq-8grt-vfhc	A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections.	CVE-2016-9070
VCID-f8wd-xgwu-8kgm	Canvas allows the use of the feDisplacementMap filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations.	CVE-2016-9077
VCID-jvy8-w1m2-ayaw	A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash.	CVE-2016-9068
VCID-mdpv-kcbb-9ubj	Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history.	CVE-2016-9071
VCID-pybp-xzy7-q3a8	Two use-after-free errors during DOM operations resulting in potentially exploitable crashes.	CVE-2016-9067
VCID-qptm-f15t-57gj	Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code.	CVE-2016-5290
VCID-rz6b-kepf-cfg9	Mozilla developers and community members Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, and Markus Stange reported memory safety bugs present in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.	CVE-2016-5289
VCID-swmb-24y4-1kau	Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code.	CVE-2016-9064
VCID-tgya-wnfn-t7eb	Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code.	CVE-2016-9066
VCID-v28j-cvrw-p3c7	WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox.	CVE-2016-9073
VCID-yegk-sgdn-z3ae	Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code.	CVE-2016-5296
VCID-yy4z-p3f1-qbbc	An issue where a <select> dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function.	CVE-2016-9076

Vulnerability

Summary

Aliases

VCID-3dea-vjmc-b7eb

Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code.

CVE-2016-5297

VCID-47dr-szw4-ryfr

During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash.

CVE-2016-5292

VCID-545u-wnrj-z3dh

Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code.

CVE-2016-5291

VCID-6cde-35h4-vqaj

An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission.

CVE-2016-9075

VCID-6pk2-g77j-h3b2

An integer overflow during the parsing of XML using the Expat library.

CVE-2016-9063

VCID-9gcq-8grt-vfhc

A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections.

CVE-2016-9070

VCID-f8wd-xgwu-8kgm

Canvas allows the use of the feDisplacementMap filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations.

CVE-2016-9077

VCID-jvy8-w1m2-ayaw

A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash.

CVE-2016-9068

VCID-mdpv-kcbb-9ubj

Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history.

CVE-2016-9071

VCID-pybp-xzy7-q3a8

Two use-after-free errors during DOM operations resulting in potentially exploitable crashes.

CVE-2016-9067

VCID-qptm-f15t-57gj

Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code.

CVE-2016-5290

VCID-rz6b-kepf-cfg9

Mozilla developers and community members Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, and Markus Stange reported memory safety bugs present in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

CVE-2016-5289

VCID-swmb-24y4-1kau

Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code.

CVE-2016-9064

VCID-tgya-wnfn-t7eb

Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code.

CVE-2016-9066

VCID-v28j-cvrw-p3c7

WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox.

CVE-2016-9073

VCID-yegk-sgdn-z3ae

Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code.

CVE-2016-5296

VCID-yy4z-p3f1-qbbc

An issue where a <select> dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function.

CVE-2016-9076

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-07T13:59:11.694754+00:00	Arch Linux Importer	Fixing	VCID-rz6b-kepf-cfg9	https://security.archlinux.org/AVG-72	38.1.0
2026-04-07T13:59:11.680006+00:00	Arch Linux Importer	Fixing	VCID-qptm-f15t-57gj	https://security.archlinux.org/AVG-72	38.1.0
2026-04-07T13:59:11.667566+00:00	Arch Linux Importer	Fixing	VCID-545u-wnrj-z3dh	https://security.archlinux.org/AVG-72	38.1.0
2026-04-07T13:59:11.656349+00:00	Arch Linux Importer	Fixing	VCID-47dr-szw4-ryfr	https://security.archlinux.org/AVG-72	38.1.0
2026-04-07T13:59:11.643300+00:00	Arch Linux Importer	Fixing	VCID-yegk-sgdn-z3ae	https://security.archlinux.org/AVG-72	38.1.0
2026-04-07T13:59:11.631212+00:00	Arch Linux Importer	Fixing	VCID-3dea-vjmc-b7eb	https://security.archlinux.org/AVG-72	38.1.0
2026-04-07T13:59:11.619319+00:00	Arch Linux Importer	Fixing	VCID-6pk2-g77j-h3b2	https://security.archlinux.org/AVG-72	38.1.0
2026-04-07T13:59:11.607622+00:00	Arch Linux Importer	Fixing	VCID-swmb-24y4-1kau	https://security.archlinux.org/AVG-72	38.1.0
2026-04-07T13:59:11.595126+00:00	Arch Linux Importer	Fixing	VCID-tgya-wnfn-t7eb	https://security.archlinux.org/AVG-72	38.1.0
2026-04-07T13:59:11.583244+00:00	Arch Linux Importer	Fixing	VCID-pybp-xzy7-q3a8	https://security.archlinux.org/AVG-72	38.1.0
2026-04-07T13:59:11.568719+00:00	Arch Linux Importer	Fixing	VCID-jvy8-w1m2-ayaw	https://security.archlinux.org/AVG-72	38.1.0
2026-04-07T13:59:11.556818+00:00	Arch Linux Importer	Fixing	VCID-9gcq-8grt-vfhc	https://security.archlinux.org/AVG-72	38.1.0
2026-04-07T13:59:11.544995+00:00	Arch Linux Importer	Fixing	VCID-mdpv-kcbb-9ubj	https://security.archlinux.org/AVG-72	38.1.0
2026-04-07T13:59:11.533249+00:00	Arch Linux Importer	Fixing	VCID-v28j-cvrw-p3c7	https://security.archlinux.org/AVG-72	38.1.0
2026-04-07T13:59:11.521572+00:00	Arch Linux Importer	Fixing	VCID-6cde-35h4-vqaj	https://security.archlinux.org/AVG-72	38.1.0
2026-04-07T13:59:11.510693+00:00	Arch Linux Importer	Fixing	VCID-yy4z-p3f1-qbbc	https://security.archlinux.org/AVG-72	38.1.0
2026-04-07T13:59:11.497523+00:00	Arch Linux Importer	Fixing	VCID-f8wd-xgwu-8kgm	https://security.archlinux.org/AVG-72	38.1.0
2026-04-07T13:59:11.483553+00:00	Arch Linux Importer	Affected by	VCID-fmub-ph5x-pbdu	https://security.archlinux.org/AVG-90	38.1.0
2026-04-07T13:59:11.472343+00:00	Arch Linux Importer	Affected by	VCID-avw6-7aqv-hbaa	https://security.archlinux.org/AVG-90	38.1.0
2026-04-01T18:24:59.765582+00:00	Arch Linux Importer	Fixing	VCID-rz6b-kepf-cfg9	https://security.archlinux.org/AVG-72	38.0.0
2026-04-01T18:24:59.743438+00:00	Arch Linux Importer	Fixing	VCID-qptm-f15t-57gj	https://security.archlinux.org/AVG-72	38.0.0
2026-04-01T18:24:59.721400+00:00	Arch Linux Importer	Fixing	VCID-545u-wnrj-z3dh	https://security.archlinux.org/AVG-72	38.0.0
2026-04-01T18:24:59.699323+00:00	Arch Linux Importer	Fixing	VCID-47dr-szw4-ryfr	https://security.archlinux.org/AVG-72	38.0.0
2026-04-01T18:24:59.676687+00:00	Arch Linux Importer	Fixing	VCID-yegk-sgdn-z3ae	https://security.archlinux.org/AVG-72	38.0.0
2026-04-01T18:24:59.642353+00:00	Arch Linux Importer	Fixing	VCID-3dea-vjmc-b7eb	https://security.archlinux.org/AVG-72	38.0.0
2026-04-01T18:24:59.619298+00:00	Arch Linux Importer	Fixing	VCID-6pk2-g77j-h3b2	https://security.archlinux.org/AVG-72	38.0.0
2026-04-01T18:24:59.596604+00:00	Arch Linux Importer	Fixing	VCID-swmb-24y4-1kau	https://security.archlinux.org/AVG-72	38.0.0
2026-04-01T18:24:59.571539+00:00	Arch Linux Importer	Fixing	VCID-tgya-wnfn-t7eb	https://security.archlinux.org/AVG-72	38.0.0
2026-04-01T18:24:59.547789+00:00	Arch Linux Importer	Fixing	VCID-pybp-xzy7-q3a8	https://security.archlinux.org/AVG-72	38.0.0
2026-04-01T18:24:59.525635+00:00	Arch Linux Importer	Fixing	VCID-jvy8-w1m2-ayaw	https://security.archlinux.org/AVG-72	38.0.0
2026-04-01T18:24:59.503648+00:00	Arch Linux Importer	Fixing	VCID-9gcq-8grt-vfhc	https://security.archlinux.org/AVG-72	38.0.0
2026-04-01T18:24:59.480391+00:00	Arch Linux Importer	Fixing	VCID-mdpv-kcbb-9ubj	https://security.archlinux.org/AVG-72	38.0.0
2026-04-01T18:24:59.456007+00:00	Arch Linux Importer	Fixing	VCID-v28j-cvrw-p3c7	https://security.archlinux.org/AVG-72	38.0.0
2026-04-01T18:24:59.430537+00:00	Arch Linux Importer	Fixing	VCID-6cde-35h4-vqaj	https://security.archlinux.org/AVG-72	38.0.0
2026-04-01T18:24:59.404717+00:00	Arch Linux Importer	Fixing	VCID-yy4z-p3f1-qbbc	https://security.archlinux.org/AVG-72	38.0.0
2026-04-01T18:24:59.381748+00:00	Arch Linux Importer	Fixing	VCID-f8wd-xgwu-8kgm	https://security.archlinux.org/AVG-72	38.0.0
2026-04-01T18:24:56.394295+00:00	Arch Linux Importer	Affected by	VCID-fmub-ph5x-pbdu	https://security.archlinux.org/AVG-90	38.0.0
2026-04-01T18:24:56.370322+00:00	Arch Linux Importer	Affected by	VCID-avw6-7aqv-hbaa	https://security.archlinux.org/AVG-90	38.0.0

2026-04-07T13:59:11.694754+00:00

Arch Linux Importer

Fixing

Next non-vulnerable version	52.0-1
Latest non-vulnerable version	101.0-1
Risk	10.0