{"url":"http://public2.vulnerablecode.io/api/packages/1921?format=json","purl":"pkg:alpm/archlinux/firefox@50.0.2-1","type":"alpm","namespace":"archlinux","name":"firefox","version":"50.0.2-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"52.0-1","latest_non_vulnerable_version":"101.0-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/225?format=json","vulnerability_id":"VCID-1gqm-2jym-m3g7","summary":"The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. *Note: this issue does not affect users with e10s enabled.*","references":[{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1914?format=json","purl":"pkg:alpm/archlinux/firefox@50.1.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-52sd-uf2t-wkam"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-7h8u-eu8y-1kha"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-d6tp-qmay-tbf6"},{"vulnerability":"VCID-fhdf-bwes-dkbc"},{"vulnerability":"VCID-hhp4-mh9x-pkfc"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-qp5g-hk6b-8qck"},{"vulnerability":"VCID-t84w-xvmd-sudf"},{"vulnerability":"VCID-urn6-j25v-pkdz"},{"vulnerability":"VCID-vz3w-t1uk-ubb7"},{"vulnerability":"VCID-w6s6-79aa-ubg4"},{"vulnerability":"VCID-w7y8-j3y5-v3ex"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-zd5k-c12h-c3ae"},{"vulnerability":"VCID-zysf-gywg-qyga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1"}],"aliases":["CVE-2016-9902"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1gqm-2jym-m3g7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/219?format=json","vulnerability_id":"VCID-28u2-f3bg-jufy","summary":"Use-after-free while manipulating the navigator object within WebVR. *Note: WebVR is not currently enabled by default.*","references":[{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1914?format=json","purl":"pkg:alpm/archlinux/firefox@50.1.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-52sd-uf2t-wkam"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-7h8u-eu8y-1kha"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-d6tp-qmay-tbf6"},{"vulnerability":"VCID-fhdf-bwes-dkbc"},{"vulnerability":"VCID-hhp4-mh9x-pkfc"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-qp5g-hk6b-8qck"},{"vulnerability":"VCID-t84w-xvmd-sudf"},{"vulnerability":"VCID-urn6-j25v-pkdz"},{"vulnerability":"VCID-vz3w-t1uk-ubb7"},{"vulnerability":"VCID-w6s6-79aa-ubg4"},{"vulnerability":"VCID-w7y8-j3y5-v3ex"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-zd5k-c12h-c3ae"},{"vulnerability":"VCID-zysf-gywg-qyga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1"}],"aliases":["CVE-2016-9896"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-28u2-f3bg-jufy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/217?format=json","vulnerability_id":"VCID-2dx6-ehwy-xubu","summary":"Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905"},{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96","reference_id":"mfsa2016-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1914?format=json","purl":"pkg:alpm/archlinux/firefox@50.1.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-52sd-uf2t-wkam"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-7h8u-eu8y-1kha"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-d6tp-qmay-tbf6"},{"vulnerability":"VCID-fhdf-bwes-dkbc"},{"vulnerability":"VCID-hhp4-mh9x-pkfc"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-qp5g-hk6b-8qck"},{"vulnerability":"VCID-t84w-xvmd-sudf"},{"vulnerability":"VCID-urn6-j25v-pkdz"},{"vulnerability":"VCID-vz3w-t1uk-ubb7"},{"vulnerability":"VCID-w6s6-79aa-ubg4"},{"vulnerability":"VCID-w7y8-j3y5-v3ex"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-zd5k-c12h-c3ae"},{"vulnerability":"VCID-zysf-gywg-qyga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1"}],"aliases":["CVE-2016-9899"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2dx6-ehwy-xubu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218?format=json","vulnerability_id":"VCID-4cyw-yxhd-77af","summary":"Event handlers on marquee elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905"},{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96","reference_id":"mfsa2016-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1914?format=json","purl":"pkg:alpm/archlinux/firefox@50.1.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-52sd-uf2t-wkam"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-7h8u-eu8y-1kha"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-d6tp-qmay-tbf6"},{"vulnerability":"VCID-fhdf-bwes-dkbc"},{"vulnerability":"VCID-hhp4-mh9x-pkfc"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-qp5g-hk6b-8qck"},{"vulnerability":"VCID-t84w-xvmd-sudf"},{"vulnerability":"VCID-urn6-j25v-pkdz"},{"vulnerability":"VCID-vz3w-t1uk-ubb7"},{"vulnerability":"VCID-w6s6-79aa-ubg4"},{"vulnerability":"VCID-w7y8-j3y5-v3ex"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-zd5k-c12h-c3ae"},{"vulnerability":"VCID-zysf-gywg-qyga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1"}],"aliases":["CVE-2016-9895"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4cyw-yxhd-77af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/228?format=json","vulnerability_id":"VCID-4eg8-dc82-fqd6","summary":"Mozilla developers and community members Jan de Mooij, Iris Hsiao, Christian Holler, Carsten Book, Timothy Nikkel, Christoph Diehl, Olli Pettay, Raymond Forbes, Boris Zbarsky, and Marco Castelluccio reported memory safety bugs present in Firefox 50.0.2 and Firefox ESR 45.5.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905"},{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96","reference_id":"mfsa2016-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1914?format=json","purl":"pkg:alpm/archlinux/firefox@50.1.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-52sd-uf2t-wkam"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-7h8u-eu8y-1kha"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-d6tp-qmay-tbf6"},{"vulnerability":"VCID-fhdf-bwes-dkbc"},{"vulnerability":"VCID-hhp4-mh9x-pkfc"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-qp5g-hk6b-8qck"},{"vulnerability":"VCID-t84w-xvmd-sudf"},{"vulnerability":"VCID-urn6-j25v-pkdz"},{"vulnerability":"VCID-vz3w-t1uk-ubb7"},{"vulnerability":"VCID-w6s6-79aa-ubg4"},{"vulnerability":"VCID-w7y8-j3y5-v3ex"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-zd5k-c12h-c3ae"},{"vulnerability":"VCID-zysf-gywg-qyga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1"}],"aliases":["CVE-2016-9893"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4eg8-dc82-fqd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/226?format=json","vulnerability_id":"VCID-9kvv-4mne-37dt","summary":"Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context.","references":[{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1914?format=json","purl":"pkg:alpm/archlinux/firefox@50.1.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-52sd-uf2t-wkam"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-7h8u-eu8y-1kha"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-d6tp-qmay-tbf6"},{"vulnerability":"VCID-fhdf-bwes-dkbc"},{"vulnerability":"VCID-hhp4-mh9x-pkfc"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-qp5g-hk6b-8qck"},{"vulnerability":"VCID-t84w-xvmd-sudf"},{"vulnerability":"VCID-urn6-j25v-pkdz"},{"vulnerability":"VCID-vz3w-t1uk-ubb7"},{"vulnerability":"VCID-w6s6-79aa-ubg4"},{"vulnerability":"VCID-w7y8-j3y5-v3ex"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-zd5k-c12h-c3ae"},{"vulnerability":"VCID-zysf-gywg-qyga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1"}],"aliases":["CVE-2016-9903"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9kvv-4mne-37dt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/227?format=json","vulnerability_id":"VCID-bbze-6awa-ryeq","summary":"Mozilla developers and community members Kan-Ru Chen, Christian Holler, and Tyson Smith reported memory safety bugs present in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1914?format=json","purl":"pkg:alpm/archlinux/firefox@50.1.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-52sd-uf2t-wkam"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-7h8u-eu8y-1kha"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-d6tp-qmay-tbf6"},{"vulnerability":"VCID-fhdf-bwes-dkbc"},{"vulnerability":"VCID-hhp4-mh9x-pkfc"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-qp5g-hk6b-8qck"},{"vulnerability":"VCID-t84w-xvmd-sudf"},{"vulnerability":"VCID-urn6-j25v-pkdz"},{"vulnerability":"VCID-vz3w-t1uk-ubb7"},{"vulnerability":"VCID-w6s6-79aa-ubg4"},{"vulnerability":"VCID-w7y8-j3y5-v3ex"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-zd5k-c12h-c3ae"},{"vulnerability":"VCID-zysf-gywg-qyga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1"}],"aliases":["CVE-2016-9080"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bbze-6awa-ryeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/222?format=json","vulnerability_id":"VCID-m1ve-ttqh-3ucn","summary":"External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of data: URLs. This could allow for cross-domain data leakage.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905"},{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96","reference_id":"mfsa2016-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1914?format=json","purl":"pkg:alpm/archlinux/firefox@50.1.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-52sd-uf2t-wkam"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-7h8u-eu8y-1kha"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-d6tp-qmay-tbf6"},{"vulnerability":"VCID-fhdf-bwes-dkbc"},{"vulnerability":"VCID-hhp4-mh9x-pkfc"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-qp5g-hk6b-8qck"},{"vulnerability":"VCID-t84w-xvmd-sudf"},{"vulnerability":"VCID-urn6-j25v-pkdz"},{"vulnerability":"VCID-vz3w-t1uk-ubb7"},{"vulnerability":"VCID-w6s6-79aa-ubg4"},{"vulnerability":"VCID-w7y8-j3y5-v3ex"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-zd5k-c12h-c3ae"},{"vulnerability":"VCID-zysf-gywg-qyga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1"}],"aliases":["CVE-2016-9900"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m1ve-ttqh-3ucn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/216?format=json","vulnerability_id":"VCID-t15g-6442-cufj","summary":"A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash.","references":[{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1914?format=json","purl":"pkg:alpm/archlinux/firefox@50.1.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-52sd-uf2t-wkam"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-7h8u-eu8y-1kha"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-d6tp-qmay-tbf6"},{"vulnerability":"VCID-fhdf-bwes-dkbc"},{"vulnerability":"VCID-hhp4-mh9x-pkfc"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-qp5g-hk6b-8qck"},{"vulnerability":"VCID-t84w-xvmd-sudf"},{"vulnerability":"VCID-urn6-j25v-pkdz"},{"vulnerability":"VCID-vz3w-t1uk-ubb7"},{"vulnerability":"VCID-w6s6-79aa-ubg4"},{"vulnerability":"VCID-w7y8-j3y5-v3ex"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-zd5k-c12h-c3ae"},{"vulnerability":"VCID-zysf-gywg-qyga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1"}],"aliases":["CVE-2016-9894"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t15g-6442-cufj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/224?format=json","vulnerability_id":"VCID-uh2v-m8c2-6fd6","summary":"HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the about:pocket-saved (unprivileged) page, giving it access to Pocket's messaging API through HTML injection.","references":[{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1914?format=json","purl":"pkg:alpm/archlinux/firefox@50.1.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-52sd-uf2t-wkam"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-7h8u-eu8y-1kha"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-d6tp-qmay-tbf6"},{"vulnerability":"VCID-fhdf-bwes-dkbc"},{"vulnerability":"VCID-hhp4-mh9x-pkfc"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-qp5g-hk6b-8qck"},{"vulnerability":"VCID-t84w-xvmd-sudf"},{"vulnerability":"VCID-urn6-j25v-pkdz"},{"vulnerability":"VCID-vz3w-t1uk-ubb7"},{"vulnerability":"VCID-w6s6-79aa-ubg4"},{"vulnerability":"VCID-w7y8-j3y5-v3ex"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-zd5k-c12h-c3ae"},{"vulnerability":"VCID-zysf-gywg-qyga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1"}],"aliases":["CVE-2016-9901"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uh2v-m8c2-6fd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/221?format=json","vulnerability_id":"VCID-vdup-4rw5-bke7","summary":"Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905"},{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96","reference_id":"mfsa2016-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1914?format=json","purl":"pkg:alpm/archlinux/firefox@50.1.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-52sd-uf2t-wkam"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-7h8u-eu8y-1kha"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-d6tp-qmay-tbf6"},{"vulnerability":"VCID-fhdf-bwes-dkbc"},{"vulnerability":"VCID-hhp4-mh9x-pkfc"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-qp5g-hk6b-8qck"},{"vulnerability":"VCID-t84w-xvmd-sudf"},{"vulnerability":"VCID-urn6-j25v-pkdz"},{"vulnerability":"VCID-vz3w-t1uk-ubb7"},{"vulnerability":"VCID-w6s6-79aa-ubg4"},{"vulnerability":"VCID-w7y8-j3y5-v3ex"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-zd5k-c12h-c3ae"},{"vulnerability":"VCID-zysf-gywg-qyga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1"}],"aliases":["CVE-2016-9898"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vdup-4rw5-bke7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/220?format=json","vulnerability_id":"VCID-wbtg-ecpe-8bcy","summary":"Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905"},{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96","reference_id":"mfsa2016-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1914?format=json","purl":"pkg:alpm/archlinux/firefox@50.1.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-52sd-uf2t-wkam"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-7h8u-eu8y-1kha"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-d6tp-qmay-tbf6"},{"vulnerability":"VCID-fhdf-bwes-dkbc"},{"vulnerability":"VCID-hhp4-mh9x-pkfc"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-qp5g-hk6b-8qck"},{"vulnerability":"VCID-t84w-xvmd-sudf"},{"vulnerability":"VCID-urn6-j25v-pkdz"},{"vulnerability":"VCID-vz3w-t1uk-ubb7"},{"vulnerability":"VCID-w6s6-79aa-ubg4"},{"vulnerability":"VCID-w7y8-j3y5-v3ex"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-zd5k-c12h-c3ae"},{"vulnerability":"VCID-zysf-gywg-qyga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1"}],"aliases":["CVE-2016-9897"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wbtg-ecpe-8bcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/223?format=json","vulnerability_id":"VCID-zbxg-zh9z-n7gg","summary":"An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905"},{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96","reference_id":"mfsa2016-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1914?format=json","purl":"pkg:alpm/archlinux/firefox@50.1.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-52sd-uf2t-wkam"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-7h8u-eu8y-1kha"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-d6tp-qmay-tbf6"},{"vulnerability":"VCID-fhdf-bwes-dkbc"},{"vulnerability":"VCID-hhp4-mh9x-pkfc"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-qp5g-hk6b-8qck"},{"vulnerability":"VCID-t84w-xvmd-sudf"},{"vulnerability":"VCID-urn6-j25v-pkdz"},{"vulnerability":"VCID-vz3w-t1uk-ubb7"},{"vulnerability":"VCID-w6s6-79aa-ubg4"},{"vulnerability":"VCID-w7y8-j3y5-v3ex"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-zd5k-c12h-c3ae"},{"vulnerability":"VCID-zysf-gywg-qyga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1"}],"aliases":["CVE-2016-9904"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zbxg-zh9z-n7gg"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/248?format=json","vulnerability_id":"VCID-fd7y-6r4r-87dz","summary":"Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. *Note: This issue only affects Firefox 49 and 50.*","references":[{"reference_url":"https://security.archlinux.org/ASA-201612-1","reference_id":"ASA-201612-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-1"},{"reference_url":"https://security.archlinux.org/AVG-90","reference_id":"AVG-90","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-91","reference_id":"mfsa2016-91","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-91"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1921?format=json","purl":"pkg:alpm/archlinux/firefox@50.0.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqm-2jym-m3g7"},{"vulnerability":"VCID-28u2-f3bg-jufy"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-9kvv-4mne-37dt"},{"vulnerability":"VCID-bbze-6awa-ryeq"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-t15g-6442-cufj"},{"vulnerability":"VCID-uh2v-m8c2-6fd6"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0.2-1"}],"aliases":["CVE-2016-9078"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fd7y-6r4r-87dz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/250?format=json","vulnerability_id":"VCID-k1rz-f92p-ducs","summary":"A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://security.archlinux.org/ASA-201612-1","reference_id":"ASA-201612-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-1"},{"reference_url":"https://security.archlinux.org/ASA-201612-2","reference_id":"ASA-201612-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-2"},{"reference_url":"https://security.archlinux.org/AVG-90","reference_id":"AVG-90","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-90"},{"reference_url":"https://security.archlinux.org/AVG-91","reference_id":"AVG-91","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-91"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-92","reference_id":"mfsa2016-92","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-92"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1921?format=json","purl":"pkg:alpm/archlinux/firefox@50.0.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqm-2jym-m3g7"},{"vulnerability":"VCID-28u2-f3bg-jufy"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-9kvv-4mne-37dt"},{"vulnerability":"VCID-bbze-6awa-ryeq"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-t15g-6442-cufj"},{"vulnerability":"VCID-uh2v-m8c2-6fd6"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0.2-1"}],"aliases":["CVE-2016-9079"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k1rz-f92p-ducs"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0.2-1"}