{"url":"http://public2.vulnerablecode.io/api/packages/1711?format=json","purl":"pkg:alpm/archlinux/firefox@65.0.2-1","type":"alpm","namespace":"archlinux","name":"firefox","version":"65.0.2-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"66.0.1-1","latest_non_vulnerable_version":"101.0-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1555?format=json","vulnerability_id":"VCID-11xu-avv4-9ufx","summary":"A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796"},{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08","reference_id":"mfsa2019-08","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11","reference_id":"mfsa2019-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1707?format=json","purl":"pkg:alpm/archlinux/firefox@66.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d5vr-k225-qkc2"},{"vulnerability":"VCID-pkzf-au8z-kfbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@66.0-1"}],"aliases":["CVE-2019-9795"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-11xu-avv4-9ufx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1566?format=json","vulnerability_id":"VCID-1sd4-yvfs-sqd9","summary":"When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for social engineering attacks.","references":[{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1707?format=json","purl":"pkg:alpm/archlinux/firefox@66.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d5vr-k225-qkc2"},{"vulnerability":"VCID-pkzf-au8z-kfbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@66.0-1"}],"aliases":["CVE-2019-9807"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1sd4-yvfs-sqd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1556?format=json","vulnerability_id":"VCID-32ee-dr7n-tufz","summary":"A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver's observer array.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796"},{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08","reference_id":"mfsa2019-08","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11","reference_id":"mfsa2019-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1707?format=json","purl":"pkg:alpm/archlinux/firefox@66.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d5vr-k225-qkc2"},{"vulnerability":"VCID-pkzf-au8z-kfbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@66.0-1"}],"aliases":["CVE-2019-9796"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-32ee-dr7n-tufz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1567?format=json","vulnerability_id":"VCID-4ycc-nrc4-5kah","summary":"If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for a denial of service (DOS) attack.","references":[{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1707?format=json","purl":"pkg:alpm/archlinux/firefox@66.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d5vr-k225-qkc2"},{"vulnerability":"VCID-pkzf-au8z-kfbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@66.0-1"}],"aliases":["CVE-2019-9809"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4ycc-nrc4-5kah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1550?format=json","vulnerability_id":"VCID-817n-mqrd-k3a5","summary":"A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796"},{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08","reference_id":"mfsa2019-08","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11","reference_id":"mfsa2019-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1707?format=json","purl":"pkg:alpm/archlinux/firefox@66.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d5vr-k225-qkc2"},{"vulnerability":"VCID-pkzf-au8z-kfbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@66.0-1"}],"aliases":["CVE-2019-9790"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-817n-mqrd-k3a5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1569?format=json","vulnerability_id":"VCID-a3c8-ayvt-eya5","summary":"Mozilla developers and community members Dragana Damjanovic, Emilio Cobos Álvarez, Henri Sivonen, Narcis Beleuzu, Julian Seward, Marcia Knous, Gary Kwong, Tyson Smith, Yaron Tausky, Ronald Crane, and André Bargull reported memory safety bugs present in Firefox 65. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1707?format=json","purl":"pkg:alpm/archlinux/firefox@66.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d5vr-k225-qkc2"},{"vulnerability":"VCID-pkzf-au8z-kfbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@66.0-1"}],"aliases":["CVE-2019-9789"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a3c8-ayvt-eya5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1557?format=json","vulnerability_id":"VCID-bsqr-4yk1-bbau","summary":"Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11693","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11693"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11698","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11698"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9797","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9797"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9816","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9816"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9817","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9817"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9819","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9819"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9820","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9820"},{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-14","reference_id":"mfsa2019-14","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-15","reference_id":"mfsa2019-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1707?format=json","purl":"pkg:alpm/archlinux/firefox@66.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d5vr-k225-qkc2"},{"vulnerability":"VCID-pkzf-au8z-kfbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@66.0-1"}],"aliases":["CVE-2019-9797"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bsqr-4yk1-bbau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1561?format=json","vulnerability_id":"VCID-dyyp-8pfj-affk","summary":"If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and allow for a potential memory read of adjacent data from the privileged Chrome process, which may include sensitive data.","references":[{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1707?format=json","purl":"pkg:alpm/archlinux/firefox@66.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d5vr-k225-qkc2"},{"vulnerability":"VCID-pkzf-au8z-kfbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@66.0-1"}],"aliases":["CVE-2019-9802"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dyyp-8pfj-affk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1570?format=json","vulnerability_id":"VCID-e542-rp8s-3ber","summary":"Mozilla developers and community members Bob Clary, Chun-Min Chang, Aral Yaman, Andreea Pavel, Jonathan Kew, Gary Kwong, Alex Gaynor, Masayuki Nakano, and Anne van Kesteren reported memory safety bugs present in Firefox 65 and Firefox ESR 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796"},{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08","reference_id":"mfsa2019-08","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11","reference_id":"mfsa2019-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1707?format=json","purl":"pkg:alpm/archlinux/firefox@66.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d5vr-k225-qkc2"},{"vulnerability":"VCID-pkzf-au8z-kfbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@66.0-1"}],"aliases":["CVE-2019-9788"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e542-rp8s-3ber"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1552?format=json","vulnerability_id":"VCID-he6e-re8n-kyax","summary":"The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796"},{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08","reference_id":"mfsa2019-08","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11","reference_id":"mfsa2019-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1707?format=json","purl":"pkg:alpm/archlinux/firefox@66.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d5vr-k225-qkc2"},{"vulnerability":"VCID-pkzf-au8z-kfbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@66.0-1"}],"aliases":["CVE-2019-9792"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-he6e-re8n-kyax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1564?format=json","vulnerability_id":"VCID-jmve-zgge-ykch","summary":"A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption.","references":[{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1707?format=json","purl":"pkg:alpm/archlinux/firefox@66.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d5vr-k225-qkc2"},{"vulnerability":"VCID-pkzf-au8z-kfbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@66.0-1"}],"aliases":["CVE-2019-9805"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jmve-zgge-ykch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1562?format=json","vulnerability_id":"VCID-q5cp-pxq4-kfgz","summary":"The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested by the CSP in some circumstances, allowing for potential man-in-the-middle attacks on the linked resources.","references":[{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1707?format=json","purl":"pkg:alpm/archlinux/firefox@66.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d5vr-k225-qkc2"},{"vulnerability":"VCID-pkzf-au8z-kfbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@66.0-1"}],"aliases":["CVE-2019-9803"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q5cp-pxq4-kfgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1568?format=json","vulnerability_id":"VCID-q8b7-av4e-v7a5","summary":"If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states \"Unknown origin\" as the requestee, leading to user confusion about which site is asking for this permission.","references":[{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1707?format=json","purl":"pkg:alpm/archlinux/firefox@66.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d5vr-k225-qkc2"},{"vulnerability":"VCID-pkzf-au8z-kfbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@66.0-1"}],"aliases":["CVE-2019-9808"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q8b7-av4e-v7a5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1559?format=json","vulnerability_id":"VCID-ukws-zeq7-myez","summary":"Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions.","references":[{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1707?format=json","purl":"pkg:alpm/archlinux/firefox@66.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d5vr-k225-qkc2"},{"vulnerability":"VCID-pkzf-au8z-kfbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@66.0-1"}],"aliases":["CVE-2019-9799"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ukws-zeq7-myez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1553?format=json","vulnerability_id":"VCID-wqg4-ptah-6qg1","summary":"A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disabled Spectre mitigations.  *Note: Spectre mitigations are currently enabled for all users by default settings.*","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796"},{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08","reference_id":"mfsa2019-08","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11","reference_id":"mfsa2019-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1707?format=json","purl":"pkg:alpm/archlinux/firefox@66.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d5vr-k225-qkc2"},{"vulnerability":"VCID-pkzf-au8z-kfbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@66.0-1"}],"aliases":["CVE-2019-9793"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wqg4-ptah-6qg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1551?format=json","vulnerability_id":"VCID-xntf-72n7-9qee","summary":"The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9796"},{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08","reference_id":"mfsa2019-08","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-08"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11","reference_id":"mfsa2019-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1707?format=json","purl":"pkg:alpm/archlinux/firefox@66.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d5vr-k225-qkc2"},{"vulnerability":"VCID-pkzf-au8z-kfbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@66.0-1"}],"aliases":["CVE-2019-9791"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xntf-72n7-9qee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1565?format=json","vulnerability_id":"VCID-yszh-ksz2-ekbr","summary":"A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. This allows for a denial of service (DOS) attack.","references":[{"reference_url":"https://security.archlinux.org/ASA-201903-11","reference_id":"ASA-201903-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-11"},{"reference_url":"https://security.archlinux.org/AVG-925","reference_id":"AVG-925","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-925"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07","reference_id":"mfsa2019-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-07"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1707?format=json","purl":"pkg:alpm/archlinux/firefox@66.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-d5vr-k225-qkc2"},{"vulnerability":"VCID-pkzf-au8z-kfbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@66.0-1"}],"aliases":["CVE-2019-9806"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yszh-ksz2-ekbr"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@65.0.2-1"}