{"url":"http://public2.vulnerablecode.io/api/packages/1733?format=json","purl":"pkg:alpm/archlinux/firefox@64.0-1","type":"alpm","namespace":"archlinux","name":"firefox","version":"64.0-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"65.0-1","latest_non_vulnerable_version":"101.0-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1487?format=json","vulnerability_id":"VCID-4ctk-v1dr-27he","summary":"WebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions.","references":[{"reference_url":"https://security.archlinux.org/ASA-201812-9","reference_id":"ASA-201812-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201812-9"},{"reference_url":"https://security.archlinux.org/AVG-833","reference_id":"AVG-833","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-833"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-29","reference_id":"mfsa2018-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1733?format=json","purl":"pkg:alpm/archlinux/firefox@64.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@64.0-1"}],"aliases":["CVE-2018-18495"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4ctk-v1dr-27he"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1486?format=json","vulnerability_id":"VCID-4rty-xgn3-fuby","summary":"A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash.","references":[{"reference_url":"https://security.archlinux.org/ASA-201812-9","reference_id":"ASA-201812-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201812-9"},{"reference_url":"https://security.archlinux.org/AVG-833","reference_id":"AVG-833","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-833"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-29","reference_id":"mfsa2018-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1733?format=json","purl":"pkg:alpm/archlinux/firefox@64.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@64.0-1"}],"aliases":["CVE-2018-12407"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4rty-xgn3-fuby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1401?format=json","vulnerability_id":"VCID-9s3m-fes9-xqh2","summary":"A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18492","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18492"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18493","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18493"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18498"},{"reference_url":"https://security.archlinux.org/ASA-201812-9","reference_id":"ASA-201812-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201812-9"},{"reference_url":"https://security.archlinux.org/AVG-833","reference_id":"AVG-833","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-833"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-29","reference_id":"mfsa2018-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-30","reference_id":"mfsa2018-30","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-31","reference_id":"mfsa2018-31","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-31"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1733?format=json","purl":"pkg:alpm/archlinux/firefox@64.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@64.0-1"}],"aliases":["CVE-2018-18492"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9s3m-fes9-xqh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1403?format=json","vulnerability_id":"VCID-axs7-cedu-23hw","summary":"A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18492","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18492"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18493","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18493"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18498"},{"reference_url":"https://security.archlinux.org/ASA-201812-9","reference_id":"ASA-201812-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201812-9"},{"reference_url":"https://security.archlinux.org/AVG-833","reference_id":"AVG-833","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-833"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-29","reference_id":"mfsa2018-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-30","reference_id":"mfsa2018-30","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-31","reference_id":"mfsa2018-31","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-31"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1733?format=json","purl":"pkg:alpm/archlinux/firefox@64.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@64.0-1"}],"aliases":["CVE-2018-18494"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-axs7-cedu-23hw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1402?format=json","vulnerability_id":"VCID-bdbe-964v-pfht","summary":"A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18492","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18492"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18493","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18493"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18498"},{"reference_url":"https://security.archlinux.org/ASA-201812-9","reference_id":"ASA-201812-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201812-9"},{"reference_url":"https://security.archlinux.org/AVG-833","reference_id":"AVG-833","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-833"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-29","reference_id":"mfsa2018-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-30","reference_id":"mfsa2018-30","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-31","reference_id":"mfsa2018-31","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-31"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1733?format=json","purl":"pkg:alpm/archlinux/firefox@64.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@64.0-1"}],"aliases":["CVE-2018-18493"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bdbe-964v-pfht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1491?format=json","vulnerability_id":"VCID-btsh-x8sa-57fd","summary":"Mozilla developers and community members Alex Gaynor, André Bargull, Boris Zbarsky, Christian Holler, Jan de Mooij, Jason Kratzer, Philipp, Ronald Crane, Natalia Csoregi, and Paul Theriault reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://security.archlinux.org/ASA-201812-9","reference_id":"ASA-201812-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201812-9"},{"reference_url":"https://security.archlinux.org/AVG-833","reference_id":"AVG-833","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-833"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-29","reference_id":"mfsa2018-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1733?format=json","purl":"pkg:alpm/archlinux/firefox@64.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@64.0-1"}],"aliases":["CVE-2018-12406"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-btsh-x8sa-57fd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1400?format=json","vulnerability_id":"VCID-h916-7jyk-9qfn","summary":"A buffer overflow and out-of-bounds read can occur in TextureStorage11 within the ANGLE graphics library, used for WebGL content. This results in a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17462","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17462"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17463","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17463"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17464","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17464"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17465","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17465"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17467","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17467"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17468","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17468"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17471","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17471"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17475","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17475"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17476","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17476"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17477","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18492","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18492"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18493","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18493"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20071","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20071"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5179","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5179"},{"reference_url":"https://security.archlinux.org/ASA-201810-12","reference_id":"ASA-201810-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201810-12"},{"reference_url":"https://security.archlinux.org/ASA-201812-9","reference_id":"ASA-201812-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201812-9"},{"reference_url":"https://security.archlinux.org/AVG-781","reference_id":"AVG-781","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-781"},{"reference_url":"https://security.archlinux.org/AVG-833","reference_id":"AVG-833","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-833"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-29","reference_id":"mfsa2018-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-30","reference_id":"mfsa2018-30","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-31","reference_id":"mfsa2018-31","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-31"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1733?format=json","purl":"pkg:alpm/archlinux/firefox@64.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@64.0-1"}],"aliases":["CVE-2018-17466"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h916-7jyk-9qfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1489?format=json","vulnerability_id":"VCID-p9vs-74e9-gqcf","summary":"Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to opened privileged about: or file: locations.","references":[{"reference_url":"https://security.archlinux.org/ASA-201812-9","reference_id":"ASA-201812-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201812-9"},{"reference_url":"https://security.archlinux.org/AVG-833","reference_id":"AVG-833","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-833"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-29","reference_id":"mfsa2018-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1733?format=json","purl":"pkg:alpm/archlinux/firefox@64.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@64.0-1"}],"aliases":["CVE-2018-18497"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p9vs-74e9-gqcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1405?format=json","vulnerability_id":"VCID-xxkg-b8ep-6yga","summary":"Mozilla developers and community members Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Jed Davis, Natalia Csoregi, Nicolas B. Pierron, and Tyson Smith reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18492","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18492"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18493","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18493"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18498"},{"reference_url":"https://security.archlinux.org/ASA-201812-9","reference_id":"ASA-201812-9","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201812-9"},{"reference_url":"https://security.archlinux.org/AVG-833","reference_id":"AVG-833","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-833"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-29","reference_id":"mfsa2018-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-29"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-30","reference_id":"mfsa2018-30","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-30"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-31","reference_id":"mfsa2018-31","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-31"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1733?format=json","purl":"pkg:alpm/archlinux/firefox@64.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@64.0-1"}],"aliases":["CVE-2018-12405"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xxkg-b8ep-6yga"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@64.0-1"}