{"url":"http://public2.vulnerablecode.io/api/packages/1928?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","type":"alpm","namespace":"archlinux","name":"firefox","version":"50.0-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"52.0-1","latest_non_vulnerable_version":"101.0-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/248?format=json","vulnerability_id":"VCID-fd7y-6r4r-87dz","summary":"Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. *Note: This issue only affects Firefox 49 and 50.*","references":[{"reference_url":"https://security.archlinux.org/ASA-201612-1","reference_id":"ASA-201612-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-1"},{"reference_url":"https://security.archlinux.org/AVG-90","reference_id":"AVG-90","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-91","reference_id":"mfsa2016-91","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-91"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1921?format=json","purl":"pkg:alpm/archlinux/firefox@50.0.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqm-2jym-m3g7"},{"vulnerability":"VCID-28u2-f3bg-jufy"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-9kvv-4mne-37dt"},{"vulnerability":"VCID-bbze-6awa-ryeq"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-t15g-6442-cufj"},{"vulnerability":"VCID-uh2v-m8c2-6fd6"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0.2-1"}],"aliases":["CVE-2016-9078"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fd7y-6r4r-87dz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/250?format=json","vulnerability_id":"VCID-k1rz-f92p-ducs","summary":"A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://security.archlinux.org/ASA-201612-1","reference_id":"ASA-201612-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-1"},{"reference_url":"https://security.archlinux.org/ASA-201612-2","reference_id":"ASA-201612-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-2"},{"reference_url":"https://security.archlinux.org/AVG-90","reference_id":"AVG-90","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-90"},{"reference_url":"https://security.archlinux.org/AVG-91","reference_id":"AVG-91","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-91"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-92","reference_id":"mfsa2016-92","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-92"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1921?format=json","purl":"pkg:alpm/archlinux/firefox@50.0.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqm-2jym-m3g7"},{"vulnerability":"VCID-28u2-f3bg-jufy"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-9kvv-4mne-37dt"},{"vulnerability":"VCID-bbze-6awa-ryeq"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-t15g-6442-cufj"},{"vulnerability":"VCID-uh2v-m8c2-6fd6"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0.2-1"}],"aliases":["CVE-2016-9079"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k1rz-f92p-ducs"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/232?format=json","vulnerability_id":"VCID-1es7-pnwd-pfdw","summary":"A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93","reference_id":"mfsa2016-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1928?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fd7y-6r4r-87dz"},{"vulnerability":"VCID-k1rz-f92p-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-9066"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1es7-pnwd-pfdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/263?format=json","vulnerability_id":"VCID-41ax-gkjj-d7ec","summary":"Two use-after-free errors during DOM operations resulting in potentially exploitable crashes.","references":[{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1928?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fd7y-6r4r-87dz"},{"vulnerability":"VCID-k1rz-f92p-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-9067"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-41ax-gkjj-d7ec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/277?format=json","vulnerability_id":"VCID-4nfp-3yek-eqfw","summary":"Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history.","references":[{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1928?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fd7y-6r4r-87dz"},{"vulnerability":"VCID-k1rz-f92p-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-9071"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4nfp-3yek-eqfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/229?format=json","vulnerability_id":"VCID-6xqg-t9fu-2kfk","summary":"A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93","reference_id":"mfsa2016-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1928?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fd7y-6r4r-87dz"},{"vulnerability":"VCID-k1rz-f92p-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-5296"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6xqg-t9fu-2kfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/267?format=json","vulnerability_id":"VCID-9aj3-pduq-93bw","summary":"Canvas allows the use of the feDisplacementMap filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations.","references":[{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1928?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fd7y-6r4r-87dz"},{"vulnerability":"VCID-k1rz-f92p-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-9077"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9aj3-pduq-93bw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/261?format=json","vulnerability_id":"VCID-9pxz-tehe-fff2","summary":"Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update.","references":[{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1928?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fd7y-6r4r-87dz"},{"vulnerability":"VCID-k1rz-f92p-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-9064"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9pxz-tehe-fff2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/233?format=json","vulnerability_id":"VCID-9tuh-j2va-53hy","summary":"A same-origin policy bypass with local shortcut files to load arbitrary local content from disk.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93","reference_id":"mfsa2016-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1928?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fd7y-6r4r-87dz"},{"vulnerability":"VCID-k1rz-f92p-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-5291"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9tuh-j2va-53hy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/264?format=json","vulnerability_id":"VCID-cejq-ngz9-myf7","summary":"A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash.","references":[{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1928?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fd7y-6r4r-87dz"},{"vulnerability":"VCID-k1rz-f92p-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-9068"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cejq-ngz9-myf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/276?format=json","vulnerability_id":"VCID-ea8u-5x5j-dkch","summary":"An integer overflow during the parsing of XML using the Expat library.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1928?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fd7y-6r4r-87dz"},{"vulnerability":"VCID-k1rz-f92p-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-9063"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ea8u-5x5j-dkch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/235?format=json","vulnerability_id":"VCID-kkjv-tyxm-6ub7","summary":"Mozilla developers and community members Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup reported memory safety bugs present in Thunderbird ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93","reference_id":"mfsa2016-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1928?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fd7y-6r4r-87dz"},{"vulnerability":"VCID-k1rz-f92p-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-5290"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kkjv-tyxm-6ub7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/266?format=json","vulnerability_id":"VCID-p5hf-wuz3-d7er","summary":"An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission.","references":[{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1928?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fd7y-6r4r-87dz"},{"vulnerability":"VCID-k1rz-f92p-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-9075"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p5hf-wuz3-d7er"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/259?format=json","vulnerability_id":"VCID-qxva-bj1v-3uf3","summary":"During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash.","references":[{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1928?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fd7y-6r4r-87dz"},{"vulnerability":"VCID-k1rz-f92p-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-5292"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qxva-bj1v-3uf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/278?format=json","vulnerability_id":"VCID-r153-j1t8-xucb","summary":"Mozilla developers and community members Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, and Markus Stange reported memory safety bugs present in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1928?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fd7y-6r4r-87dz"},{"vulnerability":"VCID-k1rz-f92p-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-5289"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r153-j1t8-xucb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/274?format=json","vulnerability_id":"VCID-tdn9-kq47-yfg3","summary":"WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox.","references":[{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1928?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fd7y-6r4r-87dz"},{"vulnerability":"VCID-k1rz-f92p-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-9073"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tdn9-kq47-yfg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/231?format=json","vulnerability_id":"VCID-vhgu-g4te-7bff","summary":"An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93","reference_id":"mfsa2016-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1928?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fd7y-6r4r-87dz"},{"vulnerability":"VCID-k1rz-f92p-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-5297"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vhgu-g4te-7bff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/275?format=json","vulnerability_id":"VCID-vk8t-73y8-3qgr","summary":"An issue where a <select> dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function.","references":[{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1928?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fd7y-6r4r-87dz"},{"vulnerability":"VCID-k1rz-f92p-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-9076"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vk8t-73y8-3qgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/273?format=json","vulnerability_id":"VCID-zj8v-3yfk-83bb","summary":"A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections.","references":[{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1928?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fd7y-6r4r-87dz"},{"vulnerability":"VCID-k1rz-f92p-ducs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-9070"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zj8v-3yfk-83bb"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}