{"url":"http://public2.vulnerablecode.io/api/packages/1883?format=json","purl":"pkg:alpm/archlinux/firefox@52.0.2-1","type":"alpm","namespace":"archlinux","name":"firefox","version":"52.0.2-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"53.0-1","latest_non_vulnerable_version":"101.0-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/565?format=json","vulnerability_id":"VCID-1hmf-d9jw-eydf","summary":"During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5464"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1hmf-d9jw-eydf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/583?format=json","vulnerability_id":"VCID-1req-6w1u-h7gr","summary":"A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5467"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1req-6w1u-h7gr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/564?format=json","vulnerability_id":"VCID-1zvx-n96g-5qgr","summary":"A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5442"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1zvx-n96g-5qgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/569?format=json","vulnerability_id":"VCID-3478-tt6y-3yex","summary":"An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5447"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3478-tt6y-3yex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/589?format=json","vulnerability_id":"VCID-3e39-auan-xuhb","summary":"Mozilla developers and community members Christian Holler, Jon Coppeard, Marcia Knous, David Baron, Mats Palmgren, Ronald Crane, Bob Clary, and Chris Peterson reported memory safety bugs present in Firefox 52, Firefox ESR 45.8, and Firefox ESR 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5429"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3e39-auan-xuhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/558?format=json","vulnerability_id":"VCID-4yun-8ff6-xbad","summary":"A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5432"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4yun-8ff6-xbad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/559?format=json","vulnerability_id":"VCID-5t1y-kt3x-83gn","summary":"A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5460"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5t1y-kt3x-83gn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/573?format=json","vulnerability_id":"VCID-6fqb-hquy-1kgw","summary":"A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5454"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6fqb-hquy-1kgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/575?format=json","vulnerability_id":"VCID-6m3m-gcn8-hbbq","summary":"A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5456"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6m3m-gcn8-hbbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/586?format=json","vulnerability_id":"VCID-6qnx-8zzy-nkek","summary":"When a javascript: URL is drag and dropped by a user into the addressbar, the URL will be processed and executed. This allows for users to be socially engineered to execute an XSS attack on themselves.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5458"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6qnx-8zzy-nkek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/585?format=json","vulnerability_id":"VCID-7aah-x36e-u3er","summary":"A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's TITLE element. This vulnerability allows for spoofing but no scripted content can be run.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5453"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7aah-x36e-u3er"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/574?format=json","vulnerability_id":"VCID-7ryr-d2hw-1yhm","summary":"The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5455"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ryr-d2hw-1yhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/570?format=json","vulnerability_id":"VCID-7sz2-vy3r-jqe3","summary":"An out-of-bounds read while processing SVG content in ConvolvePixel. This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5465"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7sz2-vy3r-jqe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/555?format=json","vulnerability_id":"VCID-8ase-exn4-kuhr","summary":"A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5459"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8ase-exn4-kuhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/576?format=json","vulnerability_id":"VCID-8fd1-atnz-4ybe","summary":"Fixed potential buffer overflows in generated Firefox code due to [CVE-2016-6354](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354) issue in Flex.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5469"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8fd1-atnz-4ybe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/571?format=json","vulnerability_id":"VCID-8pew-ffs9-tkhb","summary":"An out-of-bounds write in ClearKeyDecryptor while decrypting some Clearkey-encrypted media content. The ClearKeyDecryptor code runs within the  Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5448"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8pew-ffs9-tkhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/560?format=json","vulnerability_id":"VCID-9czz-bc1n-xkem","summary":"A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5438"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9czz-bc1n-xkem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/567?format=json","vulnerability_id":"VCID-9smz-q33h-hbaw","summary":"A buffer overflow vulnerability while parsing application/http-index-format format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5444"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9smz-q33h-hbaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/563?format=json","vulnerability_id":"VCID-aja9-emwk-xye3","summary":"A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5441"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aja9-emwk-xye3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/556?format=json","vulnerability_id":"VCID-bj6j-ar4j-3bgg","summary":"If a page is loaded from an original site through a hyperlink and contains a redirect to a data:text/html URL, triggering a reload will run the reloaded data:text/html page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5466"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bj6j-ar4j-3bgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/588?format=json","vulnerability_id":"VCID-bqjp-jgr5-u7cb","summary":"Mozilla developers and community members Christian Holler, Jon Coppeard, Milan Sreckovic, Tyson Smith, Ronald Crane, Randell Jesup, Philipp, Tooru Fujisawa, and Kan-Ru Chen reported memory safety bugs present in Firefox 52 and Firefox ESR 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5430"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bqjp-jgr5-u7cb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/580?format=json","vulnerability_id":"VCID-d3nj-g2ka-tue2","summary":"A mechanism to spoof the addressbar through the user interaction on the addressbar and the onblur event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5451"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d3nj-g2ka-tue2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/577?format=json","vulnerability_id":"VCID-fu4u-wn2z-gbgz","summary":"A vulnerability while parsing application/http-index-format format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5445"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fu4u-wn2z-gbgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/587?format=json","vulnerability_id":"VCID-ggg4-mqpu-fuba","summary":"An issue with incorrect ownership model of privateBrowsing information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5468"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ggg4-mqpu-fuba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/568?format=json","vulnerability_id":"VCID-h9hn-tr9w-4ubn","summary":"An out-of-bounds read when an HTTP/2 connection to a servers sends DATA frames with incorrect data content. This leads to a potentially exploitable crash.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5446"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h9hn-tr9w-4ubn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/553?format=json","vulnerability_id":"VCID-jthc-qw6t-53ff","summary":"An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5436"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jthc-qw6t-53ff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/551?format=json","vulnerability_id":"VCID-nz3g-jdgj-5kfv","summary":"A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5433"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nz3g-jdgj-5kfv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/554?format=json","vulnerability_id":"VCID-pa6e-373h-6ybr","summary":"An out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7502"},{"reference_url":"https://security.archlinux.org/ASA-201704-4","reference_id":"ASA-201704-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-4"},{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/ASA-201705-21","reference_id":"ASA-201705-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201705-21"},{"reference_url":"https://security.archlinux.org/AVG-247","reference_id":"AVG-247","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-247"},{"reference_url":"https://security.archlinux.org/AVG-248","reference_id":"AVG-248","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-248"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5461"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pa6e-373h-6ybr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4571?format=json","vulnerability_id":"VCID-pcd7-6x4v-mkfu","summary":"multiple issues","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5437"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pcd7-6x4v-mkfu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/557?format=json","vulnerability_id":"VCID-qkyq-4mv5-4qbd","summary":"A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5434"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qkyq-4mv5-4qbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/566?format=json","vulnerability_id":"VCID-r9pw-nv4t-xfcj","summary":"An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5443"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r9pw-nv4t-xfcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/552?format=json","vulnerability_id":"VCID-suq2-kh6t-1fdg","summary":"A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5435"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-suq2-kh6t-1fdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/561?format=json","vulnerability_id":"VCID-u7h9-yevq-gqay","summary":"A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5439"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u7h9-yevq-gqay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/562?format=json","vulnerability_id":"VCID-xjyr-mns2-wuck","summary":"A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5440"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xjyr-mns2-wuck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/578?format=json","vulnerability_id":"VCID-zrj6-cf4r-wyak","summary":"A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations.","references":[{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1884?format=json","purl":"pkg:alpm/archlinux/firefox@53.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1"}],"aliases":["CVE-2017-5449"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zrj6-cf4r-wyak"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0.2-1"}