{"url":"http://public2.vulnerablecode.io/api/packages/1914?format=json","purl":"pkg:alpm/archlinux/firefox@50.1.0-1","type":"alpm","namespace":"archlinux","name":"firefox","version":"50.1.0-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"52.0-1","latest_non_vulnerable_version":"101.0-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/546?format=json","vulnerability_id":"VCID-11uz-v7pw-v7hw","summary":"URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/ASA-201701-40","reference_id":"ASA-201701-40","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-40"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://security.archlinux.org/AVG-158","reference_id":"AVG-158","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-158"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02","reference_id":"mfsa2017-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03","reference_id":"mfsa2017-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1900?format=json","purl":"pkg:alpm/archlinux/firefox@51.0.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-173r-g4tm-tbdk"},{"vulnerability":"VCID-1jrf-kzc8-87b8"},{"vulnerability":"VCID-41k8-gnnn-17hp"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5ptb-5a8k-27ff"},{"vulnerability":"VCID-5vdw-pucj-83df"},{"vulnerability":"VCID-6rhu-j1hm-5yc5"},{"vulnerability":"VCID-7rvf-ac7d-6fa6"},{"vulnerability":"VCID-96xh-fdtu-5fh3"},{"vulnerability":"VCID-9ymk-b2sg-3bfh"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddhr-r6rr-q7ah"},{"vulnerability":"VCID-e2vh-ny9f-vugv"},{"vulnerability":"VCID-ez33-vkty-bkcx"},{"vulnerability":"VCID-hdfp-hcar-hqdj"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-kxgc-ypqu-9fd9"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m4jq-6tmd-p7gh"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-rmrk-stbr-tbf7"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-xtbe-gv4p-23fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1"}],"aliases":["CVE-2017-5383"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-11uz-v7pw-v7hw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/540?format=json","vulnerability_id":"VCID-3am9-1vdf-27gt","summary":"JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/ASA-201701-40","reference_id":"ASA-201701-40","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-40"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://security.archlinux.org/AVG-158","reference_id":"AVG-158","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-158"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02","reference_id":"mfsa2017-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03","reference_id":"mfsa2017-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1900?format=json","purl":"pkg:alpm/archlinux/firefox@51.0.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-173r-g4tm-tbdk"},{"vulnerability":"VCID-1jrf-kzc8-87b8"},{"vulnerability":"VCID-41k8-gnnn-17hp"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5ptb-5a8k-27ff"},{"vulnerability":"VCID-5vdw-pucj-83df"},{"vulnerability":"VCID-6rhu-j1hm-5yc5"},{"vulnerability":"VCID-7rvf-ac7d-6fa6"},{"vulnerability":"VCID-96xh-fdtu-5fh3"},{"vulnerability":"VCID-9ymk-b2sg-3bfh"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddhr-r6rr-q7ah"},{"vulnerability":"VCID-e2vh-ny9f-vugv"},{"vulnerability":"VCID-ez33-vkty-bkcx"},{"vulnerability":"VCID-hdfp-hcar-hqdj"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-kxgc-ypqu-9fd9"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m4jq-6tmd-p7gh"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-rmrk-stbr-tbf7"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-xtbe-gv4p-23fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1"}],"aliases":["CVE-2017-5375"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3am9-1vdf-27gt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/541?format=json","vulnerability_id":"VCID-442s-jgvp-gfav","summary":"Use-after-free while manipulating XSL in XSLT documents","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/ASA-201701-40","reference_id":"ASA-201701-40","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-40"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://security.archlinux.org/AVG-158","reference_id":"AVG-158","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-158"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02","reference_id":"mfsa2017-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03","reference_id":"mfsa2017-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1900?format=json","purl":"pkg:alpm/archlinux/firefox@51.0.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-173r-g4tm-tbdk"},{"vulnerability":"VCID-1jrf-kzc8-87b8"},{"vulnerability":"VCID-41k8-gnnn-17hp"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5ptb-5a8k-27ff"},{"vulnerability":"VCID-5vdw-pucj-83df"},{"vulnerability":"VCID-6rhu-j1hm-5yc5"},{"vulnerability":"VCID-7rvf-ac7d-6fa6"},{"vulnerability":"VCID-96xh-fdtu-5fh3"},{"vulnerability":"VCID-9ymk-b2sg-3bfh"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddhr-r6rr-q7ah"},{"vulnerability":"VCID-e2vh-ny9f-vugv"},{"vulnerability":"VCID-ez33-vkty-bkcx"},{"vulnerability":"VCID-hdfp-hcar-hqdj"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-kxgc-ypqu-9fd9"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m4jq-6tmd-p7gh"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-rmrk-stbr-tbf7"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-xtbe-gv4p-23fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1"}],"aliases":["CVE-2017-5376"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-442s-jgvp-gfav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/689?format=json","vulnerability_id":"VCID-52sd-uf2t-wkam","summary":"Mozilla developers and community members Gary Kwong, Olli Pettay, Tooru Fujisawa, Carsten Book, Andrew McCreight, Chris Pearce, Ronald Crane, Jan de Mooij, Julian Seward, Nicolas Pierron, Randell Jesup, Esther Monchari, Honza Bambas, and Philipp reported memory safety bugs present in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1900?format=json","purl":"pkg:alpm/archlinux/firefox@51.0.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-173r-g4tm-tbdk"},{"vulnerability":"VCID-1jrf-kzc8-87b8"},{"vulnerability":"VCID-41k8-gnnn-17hp"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5ptb-5a8k-27ff"},{"vulnerability":"VCID-5vdw-pucj-83df"},{"vulnerability":"VCID-6rhu-j1hm-5yc5"},{"vulnerability":"VCID-7rvf-ac7d-6fa6"},{"vulnerability":"VCID-96xh-fdtu-5fh3"},{"vulnerability":"VCID-9ymk-b2sg-3bfh"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddhr-r6rr-q7ah"},{"vulnerability":"VCID-e2vh-ny9f-vugv"},{"vulnerability":"VCID-ez33-vkty-bkcx"},{"vulnerability":"VCID-hdfp-hcar-hqdj"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-kxgc-ypqu-9fd9"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m4jq-6tmd-p7gh"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-rmrk-stbr-tbf7"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-xtbe-gv4p-23fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1"}],"aliases":["CVE-2017-5374"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-52sd-uf2t-wkam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/547?format=json","vulnerability_id":"VCID-5m57-7cch-v3ga","summary":"Mozilla developers and community members Christian Holler, Gary Kwong, André Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Thunderbird 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/ASA-201701-40","reference_id":"ASA-201701-40","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-40"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://security.archlinux.org/AVG-158","reference_id":"AVG-158","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-158"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02","reference_id":"mfsa2017-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03","reference_id":"mfsa2017-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1900?format=json","purl":"pkg:alpm/archlinux/firefox@51.0.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-173r-g4tm-tbdk"},{"vulnerability":"VCID-1jrf-kzc8-87b8"},{"vulnerability":"VCID-41k8-gnnn-17hp"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5ptb-5a8k-27ff"},{"vulnerability":"VCID-5vdw-pucj-83df"},{"vulnerability":"VCID-6rhu-j1hm-5yc5"},{"vulnerability":"VCID-7rvf-ac7d-6fa6"},{"vulnerability":"VCID-96xh-fdtu-5fh3"},{"vulnerability":"VCID-9ymk-b2sg-3bfh"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddhr-r6rr-q7ah"},{"vulnerability":"VCID-e2vh-ny9f-vugv"},{"vulnerability":"VCID-ez33-vkty-bkcx"},{"vulnerability":"VCID-hdfp-hcar-hqdj"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-kxgc-ypqu-9fd9"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m4jq-6tmd-p7gh"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-rmrk-stbr-tbf7"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-xtbe-gv4p-23fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1"}],"aliases":["CVE-2017-5373"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5m57-7cch-v3ga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/685?format=json","vulnerability_id":"VCID-7h8u-eu8y-1kha","summary":"The mozAddonManager allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites.","references":[{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1900?format=json","purl":"pkg:alpm/archlinux/firefox@51.0.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-173r-g4tm-tbdk"},{"vulnerability":"VCID-1jrf-kzc8-87b8"},{"vulnerability":"VCID-41k8-gnnn-17hp"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5ptb-5a8k-27ff"},{"vulnerability":"VCID-5vdw-pucj-83df"},{"vulnerability":"VCID-6rhu-j1hm-5yc5"},{"vulnerability":"VCID-7rvf-ac7d-6fa6"},{"vulnerability":"VCID-96xh-fdtu-5fh3"},{"vulnerability":"VCID-9ymk-b2sg-3bfh"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddhr-r6rr-q7ah"},{"vulnerability":"VCID-e2vh-ny9f-vugv"},{"vulnerability":"VCID-ez33-vkty-bkcx"},{"vulnerability":"VCID-hdfp-hcar-hqdj"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-kxgc-ypqu-9fd9"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m4jq-6tmd-p7gh"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-rmrk-stbr-tbf7"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-xtbe-gv4p-23fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1"}],"aliases":["CVE-2017-5393"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7h8u-eu8y-1kha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/545?format=json","vulnerability_id":"VCID-bn6e-q2fz-7fba","summary":"A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/ASA-201701-40","reference_id":"ASA-201701-40","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-40"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://security.archlinux.org/AVG-158","reference_id":"AVG-158","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-158"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02","reference_id":"mfsa2017-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03","reference_id":"mfsa2017-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1900?format=json","purl":"pkg:alpm/archlinux/firefox@51.0.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-173r-g4tm-tbdk"},{"vulnerability":"VCID-1jrf-kzc8-87b8"},{"vulnerability":"VCID-41k8-gnnn-17hp"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5ptb-5a8k-27ff"},{"vulnerability":"VCID-5vdw-pucj-83df"},{"vulnerability":"VCID-6rhu-j1hm-5yc5"},{"vulnerability":"VCID-7rvf-ac7d-6fa6"},{"vulnerability":"VCID-96xh-fdtu-5fh3"},{"vulnerability":"VCID-9ymk-b2sg-3bfh"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddhr-r6rr-q7ah"},{"vulnerability":"VCID-e2vh-ny9f-vugv"},{"vulnerability":"VCID-ez33-vkty-bkcx"},{"vulnerability":"VCID-hdfp-hcar-hqdj"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-kxgc-ypqu-9fd9"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m4jq-6tmd-p7gh"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-rmrk-stbr-tbf7"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-xtbe-gv4p-23fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1"}],"aliases":["CVE-2017-5396"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bn6e-q2fz-7fba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/683?format=json","vulnerability_id":"VCID-d6tp-qmay-tbf6","summary":"Special about: pages used by web content, such as RSS feeds, can load privileged about: pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation.","references":[{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1900?format=json","purl":"pkg:alpm/archlinux/firefox@51.0.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-173r-g4tm-tbdk"},{"vulnerability":"VCID-1jrf-kzc8-87b8"},{"vulnerability":"VCID-41k8-gnnn-17hp"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5ptb-5a8k-27ff"},{"vulnerability":"VCID-5vdw-pucj-83df"},{"vulnerability":"VCID-6rhu-j1hm-5yc5"},{"vulnerability":"VCID-7rvf-ac7d-6fa6"},{"vulnerability":"VCID-96xh-fdtu-5fh3"},{"vulnerability":"VCID-9ymk-b2sg-3bfh"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddhr-r6rr-q7ah"},{"vulnerability":"VCID-e2vh-ny9f-vugv"},{"vulnerability":"VCID-ez33-vkty-bkcx"},{"vulnerability":"VCID-hdfp-hcar-hqdj"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-kxgc-ypqu-9fd9"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m4jq-6tmd-p7gh"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-rmrk-stbr-tbf7"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-xtbe-gv4p-23fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1"}],"aliases":["CVE-2017-5391"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d6tp-qmay-tbf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/675?format=json","vulnerability_id":"VCID-fhdf-bwes-dkbc","summary":"A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash.","references":[{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1900?format=json","purl":"pkg:alpm/archlinux/firefox@51.0.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-173r-g4tm-tbdk"},{"vulnerability":"VCID-1jrf-kzc8-87b8"},{"vulnerability":"VCID-41k8-gnnn-17hp"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5ptb-5a8k-27ff"},{"vulnerability":"VCID-5vdw-pucj-83df"},{"vulnerability":"VCID-6rhu-j1hm-5yc5"},{"vulnerability":"VCID-7rvf-ac7d-6fa6"},{"vulnerability":"VCID-96xh-fdtu-5fh3"},{"vulnerability":"VCID-9ymk-b2sg-3bfh"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddhr-r6rr-q7ah"},{"vulnerability":"VCID-e2vh-ny9f-vugv"},{"vulnerability":"VCID-ez33-vkty-bkcx"},{"vulnerability":"VCID-hdfp-hcar-hqdj"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-kxgc-ypqu-9fd9"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m4jq-6tmd-p7gh"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-rmrk-stbr-tbf7"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-xtbe-gv4p-23fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1"}],"aliases":["CVE-2017-5377"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fhdf-bwes-dkbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/687?format=json","vulnerability_id":"VCID-hhp4-mh9x-pkfc","summary":"The existence of a specifically requested local file can be found due to the double firing of the onerror when the source attribute on a  <track> tag refers to a file that does not exist if the source page is loaded locally.","references":[{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1900?format=json","purl":"pkg:alpm/archlinux/firefox@51.0.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-173r-g4tm-tbdk"},{"vulnerability":"VCID-1jrf-kzc8-87b8"},{"vulnerability":"VCID-41k8-gnnn-17hp"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5ptb-5a8k-27ff"},{"vulnerability":"VCID-5vdw-pucj-83df"},{"vulnerability":"VCID-6rhu-j1hm-5yc5"},{"vulnerability":"VCID-7rvf-ac7d-6fa6"},{"vulnerability":"VCID-96xh-fdtu-5fh3"},{"vulnerability":"VCID-9ymk-b2sg-3bfh"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddhr-r6rr-q7ah"},{"vulnerability":"VCID-e2vh-ny9f-vugv"},{"vulnerability":"VCID-ez33-vkty-bkcx"},{"vulnerability":"VCID-hdfp-hcar-hqdj"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-kxgc-ypqu-9fd9"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m4jq-6tmd-p7gh"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-rmrk-stbr-tbf7"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-xtbe-gv4p-23fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1"}],"aliases":["CVE-2017-5387"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hhp4-mh9x-pkfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/542?format=json","vulnerability_id":"VCID-m7n2-1ppv-jfcm","summary":"Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object’s address can be discovered through hash codes, and also allows for data leakage of an object’s content using these hash codes.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/ASA-201701-40","reference_id":"ASA-201701-40","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-40"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://security.archlinux.org/AVG-158","reference_id":"AVG-158","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-158"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02","reference_id":"mfsa2017-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03","reference_id":"mfsa2017-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1900?format=json","purl":"pkg:alpm/archlinux/firefox@51.0.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-173r-g4tm-tbdk"},{"vulnerability":"VCID-1jrf-kzc8-87b8"},{"vulnerability":"VCID-41k8-gnnn-17hp"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5ptb-5a8k-27ff"},{"vulnerability":"VCID-5vdw-pucj-83df"},{"vulnerability":"VCID-6rhu-j1hm-5yc5"},{"vulnerability":"VCID-7rvf-ac7d-6fa6"},{"vulnerability":"VCID-96xh-fdtu-5fh3"},{"vulnerability":"VCID-9ymk-b2sg-3bfh"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddhr-r6rr-q7ah"},{"vulnerability":"VCID-e2vh-ny9f-vugv"},{"vulnerability":"VCID-ez33-vkty-bkcx"},{"vulnerability":"VCID-hdfp-hcar-hqdj"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-kxgc-ypqu-9fd9"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m4jq-6tmd-p7gh"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-rmrk-stbr-tbf7"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-xtbe-gv4p-23fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1"}],"aliases":["CVE-2017-5378"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m7n2-1ppv-jfcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/544?format=json","vulnerability_id":"VCID-n9bg-836z-abb8","summary":"The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/ASA-201701-40","reference_id":"ASA-201701-40","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-40"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://security.archlinux.org/AVG-158","reference_id":"AVG-158","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-158"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02","reference_id":"mfsa2017-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03","reference_id":"mfsa2017-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1900?format=json","purl":"pkg:alpm/archlinux/firefox@51.0.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-173r-g4tm-tbdk"},{"vulnerability":"VCID-1jrf-kzc8-87b8"},{"vulnerability":"VCID-41k8-gnnn-17hp"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5ptb-5a8k-27ff"},{"vulnerability":"VCID-5vdw-pucj-83df"},{"vulnerability":"VCID-6rhu-j1hm-5yc5"},{"vulnerability":"VCID-7rvf-ac7d-6fa6"},{"vulnerability":"VCID-96xh-fdtu-5fh3"},{"vulnerability":"VCID-9ymk-b2sg-3bfh"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddhr-r6rr-q7ah"},{"vulnerability":"VCID-e2vh-ny9f-vugv"},{"vulnerability":"VCID-ez33-vkty-bkcx"},{"vulnerability":"VCID-hdfp-hcar-hqdj"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-kxgc-ypqu-9fd9"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m4jq-6tmd-p7gh"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-rmrk-stbr-tbf7"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-xtbe-gv4p-23fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1"}],"aliases":["CVE-2017-5390"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n9bg-836z-abb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/679?format=json","vulnerability_id":"VCID-qp5g-hk6b-8qck","summary":"Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content.","references":[{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1900?format=json","purl":"pkg:alpm/archlinux/firefox@51.0.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-173r-g4tm-tbdk"},{"vulnerability":"VCID-1jrf-kzc8-87b8"},{"vulnerability":"VCID-41k8-gnnn-17hp"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5ptb-5a8k-27ff"},{"vulnerability":"VCID-5vdw-pucj-83df"},{"vulnerability":"VCID-6rhu-j1hm-5yc5"},{"vulnerability":"VCID-7rvf-ac7d-6fa6"},{"vulnerability":"VCID-96xh-fdtu-5fh3"},{"vulnerability":"VCID-9ymk-b2sg-3bfh"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddhr-r6rr-q7ah"},{"vulnerability":"VCID-e2vh-ny9f-vugv"},{"vulnerability":"VCID-ez33-vkty-bkcx"},{"vulnerability":"VCID-hdfp-hcar-hqdj"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-kxgc-ypqu-9fd9"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m4jq-6tmd-p7gh"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-rmrk-stbr-tbf7"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-xtbe-gv4p-23fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1"}],"aliases":["CVE-2017-5382"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qp5g-hk6b-8qck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/677?format=json","vulnerability_id":"VCID-t84w-xvmd-sudf","summary":"WebExtensions could use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission.","references":[{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1900?format=json","purl":"pkg:alpm/archlinux/firefox@51.0.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-173r-g4tm-tbdk"},{"vulnerability":"VCID-1jrf-kzc8-87b8"},{"vulnerability":"VCID-41k8-gnnn-17hp"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5ptb-5a8k-27ff"},{"vulnerability":"VCID-5vdw-pucj-83df"},{"vulnerability":"VCID-6rhu-j1hm-5yc5"},{"vulnerability":"VCID-7rvf-ac7d-6fa6"},{"vulnerability":"VCID-96xh-fdtu-5fh3"},{"vulnerability":"VCID-9ymk-b2sg-3bfh"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddhr-r6rr-q7ah"},{"vulnerability":"VCID-e2vh-ny9f-vugv"},{"vulnerability":"VCID-ez33-vkty-bkcx"},{"vulnerability":"VCID-hdfp-hcar-hqdj"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-kxgc-ypqu-9fd9"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m4jq-6tmd-p7gh"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-rmrk-stbr-tbf7"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-xtbe-gv4p-23fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1"}],"aliases":["CVE-2017-5389"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t84w-xvmd-sudf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/681?format=json","vulnerability_id":"VCID-urn6-j25v-pkdz","summary":"Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header.","references":[{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1900?format=json","purl":"pkg:alpm/archlinux/firefox@51.0.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-173r-g4tm-tbdk"},{"vulnerability":"VCID-1jrf-kzc8-87b8"},{"vulnerability":"VCID-41k8-gnnn-17hp"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5ptb-5a8k-27ff"},{"vulnerability":"VCID-5vdw-pucj-83df"},{"vulnerability":"VCID-6rhu-j1hm-5yc5"},{"vulnerability":"VCID-7rvf-ac7d-6fa6"},{"vulnerability":"VCID-96xh-fdtu-5fh3"},{"vulnerability":"VCID-9ymk-b2sg-3bfh"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddhr-r6rr-q7ah"},{"vulnerability":"VCID-e2vh-ny9f-vugv"},{"vulnerability":"VCID-ez33-vkty-bkcx"},{"vulnerability":"VCID-hdfp-hcar-hqdj"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-kxgc-ypqu-9fd9"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m4jq-6tmd-p7gh"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-rmrk-stbr-tbf7"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-xtbe-gv4p-23fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1"}],"aliases":["CVE-2017-5385"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-urn6-j25v-pkdz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/680?format=json","vulnerability_id":"VCID-vz3w-t1uk-ubb7","summary":"Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely.","references":[{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1900?format=json","purl":"pkg:alpm/archlinux/firefox@51.0.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-173r-g4tm-tbdk"},{"vulnerability":"VCID-1jrf-kzc8-87b8"},{"vulnerability":"VCID-41k8-gnnn-17hp"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5ptb-5a8k-27ff"},{"vulnerability":"VCID-5vdw-pucj-83df"},{"vulnerability":"VCID-6rhu-j1hm-5yc5"},{"vulnerability":"VCID-7rvf-ac7d-6fa6"},{"vulnerability":"VCID-96xh-fdtu-5fh3"},{"vulnerability":"VCID-9ymk-b2sg-3bfh"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddhr-r6rr-q7ah"},{"vulnerability":"VCID-e2vh-ny9f-vugv"},{"vulnerability":"VCID-ez33-vkty-bkcx"},{"vulnerability":"VCID-hdfp-hcar-hqdj"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-kxgc-ypqu-9fd9"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m4jq-6tmd-p7gh"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-rmrk-stbr-tbf7"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-xtbe-gv4p-23fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1"}],"aliases":["CVE-2017-5384"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vz3w-t1uk-ubb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/674?format=json","vulnerability_id":"VCID-w6s6-79aa-ubg4","summary":"WebExtension scripts can use the data: protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions.","references":[{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02","reference_id":"mfsa2017-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1900?format=json","purl":"pkg:alpm/archlinux/firefox@51.0.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-173r-g4tm-tbdk"},{"vulnerability":"VCID-1jrf-kzc8-87b8"},{"vulnerability":"VCID-41k8-gnnn-17hp"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5ptb-5a8k-27ff"},{"vulnerability":"VCID-5vdw-pucj-83df"},{"vulnerability":"VCID-6rhu-j1hm-5yc5"},{"vulnerability":"VCID-7rvf-ac7d-6fa6"},{"vulnerability":"VCID-96xh-fdtu-5fh3"},{"vulnerability":"VCID-9ymk-b2sg-3bfh"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddhr-r6rr-q7ah"},{"vulnerability":"VCID-e2vh-ny9f-vugv"},{"vulnerability":"VCID-ez33-vkty-bkcx"},{"vulnerability":"VCID-hdfp-hcar-hqdj"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-kxgc-ypqu-9fd9"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m4jq-6tmd-p7gh"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-rmrk-stbr-tbf7"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-xtbe-gv4p-23fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1"}],"aliases":["CVE-2017-5386"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w6s6-79aa-ubg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/676?format=json","vulnerability_id":"VCID-w7y8-j3y5-v3ex","summary":"Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing.","references":[{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1900?format=json","purl":"pkg:alpm/archlinux/firefox@51.0.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-173r-g4tm-tbdk"},{"vulnerability":"VCID-1jrf-kzc8-87b8"},{"vulnerability":"VCID-41k8-gnnn-17hp"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5ptb-5a8k-27ff"},{"vulnerability":"VCID-5vdw-pucj-83df"},{"vulnerability":"VCID-6rhu-j1hm-5yc5"},{"vulnerability":"VCID-7rvf-ac7d-6fa6"},{"vulnerability":"VCID-96xh-fdtu-5fh3"},{"vulnerability":"VCID-9ymk-b2sg-3bfh"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddhr-r6rr-q7ah"},{"vulnerability":"VCID-e2vh-ny9f-vugv"},{"vulnerability":"VCID-ez33-vkty-bkcx"},{"vulnerability":"VCID-hdfp-hcar-hqdj"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-kxgc-ypqu-9fd9"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m4jq-6tmd-p7gh"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-rmrk-stbr-tbf7"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-xtbe-gv4p-23fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1"}],"aliases":["CVE-2017-5379"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w7y8-j3y5-v3ex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/543?format=json","vulnerability_id":"VCID-yk3y-5my9-auak","summary":"A potential use-after-free found through fuzzing during DOM manipulation of SVG content.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/ASA-201701-40","reference_id":"ASA-201701-40","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-40"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://security.archlinux.org/AVG-158","reference_id":"AVG-158","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-158"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02","reference_id":"mfsa2017-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03","reference_id":"mfsa2017-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1900?format=json","purl":"pkg:alpm/archlinux/firefox@51.0.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-173r-g4tm-tbdk"},{"vulnerability":"VCID-1jrf-kzc8-87b8"},{"vulnerability":"VCID-41k8-gnnn-17hp"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5ptb-5a8k-27ff"},{"vulnerability":"VCID-5vdw-pucj-83df"},{"vulnerability":"VCID-6rhu-j1hm-5yc5"},{"vulnerability":"VCID-7rvf-ac7d-6fa6"},{"vulnerability":"VCID-96xh-fdtu-5fh3"},{"vulnerability":"VCID-9ymk-b2sg-3bfh"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddhr-r6rr-q7ah"},{"vulnerability":"VCID-e2vh-ny9f-vugv"},{"vulnerability":"VCID-ez33-vkty-bkcx"},{"vulnerability":"VCID-hdfp-hcar-hqdj"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-kxgc-ypqu-9fd9"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m4jq-6tmd-p7gh"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-rmrk-stbr-tbf7"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-xtbe-gv4p-23fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1"}],"aliases":["CVE-2017-5380"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yk3y-5my9-auak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/678?format=json","vulnerability_id":"VCID-zd5k-c12h-c3ae","summary":"The \"export\" function in the Certificate Viewer can force local filesystem navigation when the \"common name\" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename.","references":[{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1900?format=json","purl":"pkg:alpm/archlinux/firefox@51.0.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-173r-g4tm-tbdk"},{"vulnerability":"VCID-1jrf-kzc8-87b8"},{"vulnerability":"VCID-41k8-gnnn-17hp"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5ptb-5a8k-27ff"},{"vulnerability":"VCID-5vdw-pucj-83df"},{"vulnerability":"VCID-6rhu-j1hm-5yc5"},{"vulnerability":"VCID-7rvf-ac7d-6fa6"},{"vulnerability":"VCID-96xh-fdtu-5fh3"},{"vulnerability":"VCID-9ymk-b2sg-3bfh"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddhr-r6rr-q7ah"},{"vulnerability":"VCID-e2vh-ny9f-vugv"},{"vulnerability":"VCID-ez33-vkty-bkcx"},{"vulnerability":"VCID-hdfp-hcar-hqdj"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-kxgc-ypqu-9fd9"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m4jq-6tmd-p7gh"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-rmrk-stbr-tbf7"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-xtbe-gv4p-23fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1"}],"aliases":["CVE-2017-5381"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zd5k-c12h-c3ae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/688?format=json","vulnerability_id":"VCID-zysf-gywg-qyga","summary":"A STUN server in conjunction with a large number of webkitRTCPeerConnection objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack.","references":[{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1900?format=json","purl":"pkg:alpm/archlinux/firefox@51.0.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-173r-g4tm-tbdk"},{"vulnerability":"VCID-1jrf-kzc8-87b8"},{"vulnerability":"VCID-41k8-gnnn-17hp"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5ptb-5a8k-27ff"},{"vulnerability":"VCID-5vdw-pucj-83df"},{"vulnerability":"VCID-6rhu-j1hm-5yc5"},{"vulnerability":"VCID-7rvf-ac7d-6fa6"},{"vulnerability":"VCID-96xh-fdtu-5fh3"},{"vulnerability":"VCID-9ymk-b2sg-3bfh"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddhr-r6rr-q7ah"},{"vulnerability":"VCID-e2vh-ny9f-vugv"},{"vulnerability":"VCID-ez33-vkty-bkcx"},{"vulnerability":"VCID-hdfp-hcar-hqdj"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-kxgc-ypqu-9fd9"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m4jq-6tmd-p7gh"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-rmrk-stbr-tbf7"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-xtbe-gv4p-23fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1"}],"aliases":["CVE-2017-5388"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zysf-gywg-qyga"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/225?format=json","vulnerability_id":"VCID-1gqm-2jym-m3g7","summary":"The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. *Note: this issue does not affect users with e10s enabled.*","references":[{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1914?format=json","purl":"pkg:alpm/archlinux/firefox@50.1.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-52sd-uf2t-wkam"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-7h8u-eu8y-1kha"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-d6tp-qmay-tbf6"},{"vulnerability":"VCID-fhdf-bwes-dkbc"},{"vulnerability":"VCID-hhp4-mh9x-pkfc"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-qp5g-hk6b-8qck"},{"vulnerability":"VCID-t84w-xvmd-sudf"},{"vulnerability":"VCID-urn6-j25v-pkdz"},{"vulnerability":"VCID-vz3w-t1uk-ubb7"},{"vulnerability":"VCID-w6s6-79aa-ubg4"},{"vulnerability":"VCID-w7y8-j3y5-v3ex"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-zd5k-c12h-c3ae"},{"vulnerability":"VCID-zysf-gywg-qyga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1"}],"aliases":["CVE-2016-9902"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1gqm-2jym-m3g7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/219?format=json","vulnerability_id":"VCID-28u2-f3bg-jufy","summary":"Use-after-free while manipulating the navigator object within WebVR. *Note: WebVR is not currently enabled by default.*","references":[{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1914?format=json","purl":"pkg:alpm/archlinux/firefox@50.1.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-52sd-uf2t-wkam"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-7h8u-eu8y-1kha"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-d6tp-qmay-tbf6"},{"vulnerability":"VCID-fhdf-bwes-dkbc"},{"vulnerability":"VCID-hhp4-mh9x-pkfc"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-qp5g-hk6b-8qck"},{"vulnerability":"VCID-t84w-xvmd-sudf"},{"vulnerability":"VCID-urn6-j25v-pkdz"},{"vulnerability":"VCID-vz3w-t1uk-ubb7"},{"vulnerability":"VCID-w6s6-79aa-ubg4"},{"vulnerability":"VCID-w7y8-j3y5-v3ex"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-zd5k-c12h-c3ae"},{"vulnerability":"VCID-zysf-gywg-qyga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1"}],"aliases":["CVE-2016-9896"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-28u2-f3bg-jufy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/217?format=json","vulnerability_id":"VCID-2dx6-ehwy-xubu","summary":"Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905"},{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96","reference_id":"mfsa2016-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1914?format=json","purl":"pkg:alpm/archlinux/firefox@50.1.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-52sd-uf2t-wkam"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-7h8u-eu8y-1kha"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-d6tp-qmay-tbf6"},{"vulnerability":"VCID-fhdf-bwes-dkbc"},{"vulnerability":"VCID-hhp4-mh9x-pkfc"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-qp5g-hk6b-8qck"},{"vulnerability":"VCID-t84w-xvmd-sudf"},{"vulnerability":"VCID-urn6-j25v-pkdz"},{"vulnerability":"VCID-vz3w-t1uk-ubb7"},{"vulnerability":"VCID-w6s6-79aa-ubg4"},{"vulnerability":"VCID-w7y8-j3y5-v3ex"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-zd5k-c12h-c3ae"},{"vulnerability":"VCID-zysf-gywg-qyga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1"}],"aliases":["CVE-2016-9899"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2dx6-ehwy-xubu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218?format=json","vulnerability_id":"VCID-4cyw-yxhd-77af","summary":"Event handlers on marquee elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905"},{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96","reference_id":"mfsa2016-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1914?format=json","purl":"pkg:alpm/archlinux/firefox@50.1.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-52sd-uf2t-wkam"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-7h8u-eu8y-1kha"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-d6tp-qmay-tbf6"},{"vulnerability":"VCID-fhdf-bwes-dkbc"},{"vulnerability":"VCID-hhp4-mh9x-pkfc"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-qp5g-hk6b-8qck"},{"vulnerability":"VCID-t84w-xvmd-sudf"},{"vulnerability":"VCID-urn6-j25v-pkdz"},{"vulnerability":"VCID-vz3w-t1uk-ubb7"},{"vulnerability":"VCID-w6s6-79aa-ubg4"},{"vulnerability":"VCID-w7y8-j3y5-v3ex"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-zd5k-c12h-c3ae"},{"vulnerability":"VCID-zysf-gywg-qyga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1"}],"aliases":["CVE-2016-9895"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4cyw-yxhd-77af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/228?format=json","vulnerability_id":"VCID-4eg8-dc82-fqd6","summary":"Mozilla developers and community members Jan de Mooij, Iris Hsiao, Christian Holler, Carsten Book, Timothy Nikkel, Christoph Diehl, Olli Pettay, Raymond Forbes, Boris Zbarsky, and Marco Castelluccio reported memory safety bugs present in Firefox 50.0.2 and Firefox ESR 45.5.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905"},{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96","reference_id":"mfsa2016-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1914?format=json","purl":"pkg:alpm/archlinux/firefox@50.1.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-52sd-uf2t-wkam"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-7h8u-eu8y-1kha"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-d6tp-qmay-tbf6"},{"vulnerability":"VCID-fhdf-bwes-dkbc"},{"vulnerability":"VCID-hhp4-mh9x-pkfc"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-qp5g-hk6b-8qck"},{"vulnerability":"VCID-t84w-xvmd-sudf"},{"vulnerability":"VCID-urn6-j25v-pkdz"},{"vulnerability":"VCID-vz3w-t1uk-ubb7"},{"vulnerability":"VCID-w6s6-79aa-ubg4"},{"vulnerability":"VCID-w7y8-j3y5-v3ex"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-zd5k-c12h-c3ae"},{"vulnerability":"VCID-zysf-gywg-qyga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1"}],"aliases":["CVE-2016-9893"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4eg8-dc82-fqd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/226?format=json","vulnerability_id":"VCID-9kvv-4mne-37dt","summary":"Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context.","references":[{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1914?format=json","purl":"pkg:alpm/archlinux/firefox@50.1.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-52sd-uf2t-wkam"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-7h8u-eu8y-1kha"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-d6tp-qmay-tbf6"},{"vulnerability":"VCID-fhdf-bwes-dkbc"},{"vulnerability":"VCID-hhp4-mh9x-pkfc"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-qp5g-hk6b-8qck"},{"vulnerability":"VCID-t84w-xvmd-sudf"},{"vulnerability":"VCID-urn6-j25v-pkdz"},{"vulnerability":"VCID-vz3w-t1uk-ubb7"},{"vulnerability":"VCID-w6s6-79aa-ubg4"},{"vulnerability":"VCID-w7y8-j3y5-v3ex"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-zd5k-c12h-c3ae"},{"vulnerability":"VCID-zysf-gywg-qyga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1"}],"aliases":["CVE-2016-9903"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9kvv-4mne-37dt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/227?format=json","vulnerability_id":"VCID-bbze-6awa-ryeq","summary":"Mozilla developers and community members Kan-Ru Chen, Christian Holler, and Tyson Smith reported memory safety bugs present in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1914?format=json","purl":"pkg:alpm/archlinux/firefox@50.1.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-52sd-uf2t-wkam"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-7h8u-eu8y-1kha"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-d6tp-qmay-tbf6"},{"vulnerability":"VCID-fhdf-bwes-dkbc"},{"vulnerability":"VCID-hhp4-mh9x-pkfc"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-qp5g-hk6b-8qck"},{"vulnerability":"VCID-t84w-xvmd-sudf"},{"vulnerability":"VCID-urn6-j25v-pkdz"},{"vulnerability":"VCID-vz3w-t1uk-ubb7"},{"vulnerability":"VCID-w6s6-79aa-ubg4"},{"vulnerability":"VCID-w7y8-j3y5-v3ex"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-zd5k-c12h-c3ae"},{"vulnerability":"VCID-zysf-gywg-qyga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1"}],"aliases":["CVE-2016-9080"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bbze-6awa-ryeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/222?format=json","vulnerability_id":"VCID-m1ve-ttqh-3ucn","summary":"External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of data: URLs. This could allow for cross-domain data leakage.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905"},{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96","reference_id":"mfsa2016-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1914?format=json","purl":"pkg:alpm/archlinux/firefox@50.1.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-52sd-uf2t-wkam"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-7h8u-eu8y-1kha"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-d6tp-qmay-tbf6"},{"vulnerability":"VCID-fhdf-bwes-dkbc"},{"vulnerability":"VCID-hhp4-mh9x-pkfc"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-qp5g-hk6b-8qck"},{"vulnerability":"VCID-t84w-xvmd-sudf"},{"vulnerability":"VCID-urn6-j25v-pkdz"},{"vulnerability":"VCID-vz3w-t1uk-ubb7"},{"vulnerability":"VCID-w6s6-79aa-ubg4"},{"vulnerability":"VCID-w7y8-j3y5-v3ex"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-zd5k-c12h-c3ae"},{"vulnerability":"VCID-zysf-gywg-qyga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1"}],"aliases":["CVE-2016-9900"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m1ve-ttqh-3ucn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/216?format=json","vulnerability_id":"VCID-t15g-6442-cufj","summary":"A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash.","references":[{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1914?format=json","purl":"pkg:alpm/archlinux/firefox@50.1.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-52sd-uf2t-wkam"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-7h8u-eu8y-1kha"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-d6tp-qmay-tbf6"},{"vulnerability":"VCID-fhdf-bwes-dkbc"},{"vulnerability":"VCID-hhp4-mh9x-pkfc"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-qp5g-hk6b-8qck"},{"vulnerability":"VCID-t84w-xvmd-sudf"},{"vulnerability":"VCID-urn6-j25v-pkdz"},{"vulnerability":"VCID-vz3w-t1uk-ubb7"},{"vulnerability":"VCID-w6s6-79aa-ubg4"},{"vulnerability":"VCID-w7y8-j3y5-v3ex"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-zd5k-c12h-c3ae"},{"vulnerability":"VCID-zysf-gywg-qyga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1"}],"aliases":["CVE-2016-9894"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t15g-6442-cufj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/224?format=json","vulnerability_id":"VCID-uh2v-m8c2-6fd6","summary":"HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the about:pocket-saved (unprivileged) page, giving it access to Pocket's messaging API through HTML injection.","references":[{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1914?format=json","purl":"pkg:alpm/archlinux/firefox@50.1.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-52sd-uf2t-wkam"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-7h8u-eu8y-1kha"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-d6tp-qmay-tbf6"},{"vulnerability":"VCID-fhdf-bwes-dkbc"},{"vulnerability":"VCID-hhp4-mh9x-pkfc"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-qp5g-hk6b-8qck"},{"vulnerability":"VCID-t84w-xvmd-sudf"},{"vulnerability":"VCID-urn6-j25v-pkdz"},{"vulnerability":"VCID-vz3w-t1uk-ubb7"},{"vulnerability":"VCID-w6s6-79aa-ubg4"},{"vulnerability":"VCID-w7y8-j3y5-v3ex"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-zd5k-c12h-c3ae"},{"vulnerability":"VCID-zysf-gywg-qyga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1"}],"aliases":["CVE-2016-9901"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uh2v-m8c2-6fd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/221?format=json","vulnerability_id":"VCID-vdup-4rw5-bke7","summary":"Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905"},{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96","reference_id":"mfsa2016-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1914?format=json","purl":"pkg:alpm/archlinux/firefox@50.1.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-52sd-uf2t-wkam"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-7h8u-eu8y-1kha"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-d6tp-qmay-tbf6"},{"vulnerability":"VCID-fhdf-bwes-dkbc"},{"vulnerability":"VCID-hhp4-mh9x-pkfc"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-qp5g-hk6b-8qck"},{"vulnerability":"VCID-t84w-xvmd-sudf"},{"vulnerability":"VCID-urn6-j25v-pkdz"},{"vulnerability":"VCID-vz3w-t1uk-ubb7"},{"vulnerability":"VCID-w6s6-79aa-ubg4"},{"vulnerability":"VCID-w7y8-j3y5-v3ex"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-zd5k-c12h-c3ae"},{"vulnerability":"VCID-zysf-gywg-qyga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1"}],"aliases":["CVE-2016-9898"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vdup-4rw5-bke7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/220?format=json","vulnerability_id":"VCID-wbtg-ecpe-8bcy","summary":"Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905"},{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96","reference_id":"mfsa2016-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1914?format=json","purl":"pkg:alpm/archlinux/firefox@50.1.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-52sd-uf2t-wkam"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-7h8u-eu8y-1kha"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-d6tp-qmay-tbf6"},{"vulnerability":"VCID-fhdf-bwes-dkbc"},{"vulnerability":"VCID-hhp4-mh9x-pkfc"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-qp5g-hk6b-8qck"},{"vulnerability":"VCID-t84w-xvmd-sudf"},{"vulnerability":"VCID-urn6-j25v-pkdz"},{"vulnerability":"VCID-vz3w-t1uk-ubb7"},{"vulnerability":"VCID-w6s6-79aa-ubg4"},{"vulnerability":"VCID-w7y8-j3y5-v3ex"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-zd5k-c12h-c3ae"},{"vulnerability":"VCID-zysf-gywg-qyga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1"}],"aliases":["CVE-2016-9897"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wbtg-ecpe-8bcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/223?format=json","vulnerability_id":"VCID-zbxg-zh9z-n7gg","summary":"An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905"},{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96","reference_id":"mfsa2016-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1914?format=json","purl":"pkg:alpm/archlinux/firefox@50.1.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-52sd-uf2t-wkam"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-7h8u-eu8y-1kha"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-d6tp-qmay-tbf6"},{"vulnerability":"VCID-fhdf-bwes-dkbc"},{"vulnerability":"VCID-hhp4-mh9x-pkfc"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-qp5g-hk6b-8qck"},{"vulnerability":"VCID-t84w-xvmd-sudf"},{"vulnerability":"VCID-urn6-j25v-pkdz"},{"vulnerability":"VCID-vz3w-t1uk-ubb7"},{"vulnerability":"VCID-w6s6-79aa-ubg4"},{"vulnerability":"VCID-w7y8-j3y5-v3ex"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-zd5k-c12h-c3ae"},{"vulnerability":"VCID-zysf-gywg-qyga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1"}],"aliases":["CVE-2016-9904"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zbxg-zh9z-n7gg"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1"}