{"url":"http://public2.vulnerablecode.io/api/packages/1947?format=json","purl":"pkg:alpm/archlinux/firefox@49.0-1","type":"alpm","namespace":"archlinux","name":"firefox","version":"49.0-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"52.0-1","latest_non_vulnerable_version":"101.0-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/238?format=json","vulnerability_id":"VCID-1uv3-mtcv-kbee","summary":"A use-after-free vulnerability triggered by setting a aria-owns attribute.","references":[{"reference_url":"https://security.archlinux.org/ASA-201609-22","reference_id":"ASA-201609-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201609-22"},{"reference_url":"https://security.archlinux.org/AVG-24","reference_id":"AVG-24","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-24"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85","reference_id":"mfsa2016-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86","reference_id":"mfsa2016-86","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-88","reference_id":"mfsa2016-88","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-88"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1947?format=json","purl":"pkg:alpm/archlinux/firefox@49.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@49.0-1"}],"aliases":["CVE-2016-5276"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1uv3-mtcv-kbee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/253?format=json","vulnerability_id":"VCID-2qdm-5rm5-qfhr","summary":"A potentially exploitable crash in accessibility.","references":[{"reference_url":"https://security.archlinux.org/ASA-201609-22","reference_id":"ASA-201609-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201609-22"},{"reference_url":"https://security.archlinux.org/AVG-24","reference_id":"AVG-24","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-24"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85","reference_id":"mfsa2016-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1947?format=json","purl":"pkg:alpm/archlinux/firefox@49.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@49.0-1"}],"aliases":["CVE-2016-5273"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2qdm-5rm5-qfhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/257?format=json","vulnerability_id":"VCID-2zw2-v1xp-rfd9","summary":"A timing attack vulnerability using iframes to potentially reveal private data using document resizes and link colors.","references":[{"reference_url":"https://security.archlinux.org/ASA-201609-22","reference_id":"ASA-201609-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201609-22"},{"reference_url":"https://security.archlinux.org/AVG-24","reference_id":"AVG-24","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-24"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85","reference_id":"mfsa2016-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1947?format=json","purl":"pkg:alpm/archlinux/firefox@49.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@49.0-1"}],"aliases":["CVE-2016-5283"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2zw2-v1xp-rfd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/254?format=json","vulnerability_id":"VCID-3pdf-xrwk-a7bh","summary":"A buffer overflow when working with empty filters during canvas rendering.","references":[{"reference_url":"https://security.archlinux.org/ASA-201609-22","reference_id":"ASA-201609-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201609-22"},{"reference_url":"https://security.archlinux.org/AVG-24","reference_id":"AVG-24","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-24"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85","reference_id":"mfsa2016-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1947?format=json","purl":"pkg:alpm/archlinux/firefox@49.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@49.0-1"}],"aliases":["CVE-2016-5275"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3pdf-xrwk-a7bh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/236?format=json","vulnerability_id":"VCID-88j3-np4m-p3et","summary":"An out-of-bounds write of a boolean value during text conversion with some unicode characters","references":[{"reference_url":"https://security.archlinux.org/ASA-201609-22","reference_id":"ASA-201609-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201609-22"},{"reference_url":"https://security.archlinux.org/AVG-24","reference_id":"AVG-24","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-24"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85","reference_id":"mfsa2016-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86","reference_id":"mfsa2016-86","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-88","reference_id":"mfsa2016-88","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-88"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1947?format=json","purl":"pkg:alpm/archlinux/firefox@49.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@49.0-1"}],"aliases":["CVE-2016-5270"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-88j3-np4m-p3et"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/255?format=json","vulnerability_id":"VCID-b61f-wfbh-uucm","summary":"The full path to local files is available to scripts when local files are drag and dropped into Firefox.","references":[{"reference_url":"https://security.archlinux.org/ASA-201609-22","reference_id":"ASA-201609-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201609-22"},{"reference_url":"https://security.archlinux.org/AVG-24","reference_id":"AVG-24","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-24"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85","reference_id":"mfsa2016-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1947?format=json","purl":"pkg:alpm/archlinux/firefox@49.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@49.0-1"}],"aliases":["CVE-2016-5279"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b61f-wfbh-uucm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/256?format=json","vulnerability_id":"VCID-d6s8-w8mc-wyb4","summary":"Favicons can be loaded through non-whitelisted protocols, such as jar:.","references":[{"reference_url":"https://security.archlinux.org/ASA-201609-22","reference_id":"ASA-201609-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201609-22"},{"reference_url":"https://security.archlinux.org/AVG-24","reference_id":"AVG-24","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-24"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85","reference_id":"mfsa2016-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1947?format=json","purl":"pkg:alpm/archlinux/firefox@49.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@49.0-1"}],"aliases":["CVE-2016-5282"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d6s8-w8mc-wyb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/239?format=json","vulnerability_id":"VCID-dt5c-74jk-m3dc","summary":"A use-after-free issue in web animations during restyling.","references":[{"reference_url":"https://security.archlinux.org/ASA-201609-22","reference_id":"ASA-201609-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201609-22"},{"reference_url":"https://security.archlinux.org/AVG-24","reference_id":"AVG-24","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-24"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85","reference_id":"mfsa2016-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86","reference_id":"mfsa2016-86","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-88","reference_id":"mfsa2016-88","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-88"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1947?format=json","purl":"pkg:alpm/archlinux/firefox@49.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@49.0-1"}],"aliases":["CVE-2016-5274"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dt5c-74jk-m3dc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/247?format=json","vulnerability_id":"VCID-e35v-ppxg-tkd1","summary":"Mozilla developers and community members Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, and Carsten Book reported memory safety bugs present in Firefox 48 and Firefox ESR 45.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort at least some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5257","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5257"},{"reference_url":"https://security.archlinux.org/ASA-201609-22","reference_id":"ASA-201609-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201609-22"},{"reference_url":"https://security.archlinux.org/AVG-24","reference_id":"AVG-24","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-24"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85","reference_id":"mfsa2016-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86","reference_id":"mfsa2016-86","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-88","reference_id":"mfsa2016-88","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-88"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1947?format=json","purl":"pkg:alpm/archlinux/firefox@49.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@49.0-1"}],"aliases":["CVE-2016-5257"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e35v-ppxg-tkd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/258?format=json","vulnerability_id":"VCID-ewpd-w8v5-efcf","summary":"Mozilla developers Christoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza Bambas, Seth Fowler, and Michael Smith reported memory safety bugs present in Firefox 48. Some of these bugs showed evidence of memory corruption under certain circumstances could potentially exploited to run arbitrary code.","references":[{"reference_url":"https://security.archlinux.org/ASA-201609-22","reference_id":"ASA-201609-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201609-22"},{"reference_url":"https://security.archlinux.org/AVG-24","reference_id":"AVG-24","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-24"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85","reference_id":"mfsa2016-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1947?format=json","purl":"pkg:alpm/archlinux/firefox@49.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@49.0-1"}],"aliases":["CVE-2016-5256"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ewpd-w8v5-efcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/243?format=json","vulnerability_id":"VCID-k9d6-7kmg-rubt","summary":"Use-after-free vulnerability when manipulating SVG format content through script.","references":[{"reference_url":"https://security.archlinux.org/ASA-201609-22","reference_id":"ASA-201609-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201609-22"},{"reference_url":"https://security.archlinux.org/AVG-24","reference_id":"AVG-24","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-24"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85","reference_id":"mfsa2016-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86","reference_id":"mfsa2016-86","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-88","reference_id":"mfsa2016-88","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-88"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1947?format=json","purl":"pkg:alpm/archlinux/firefox@49.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@49.0-1"}],"aliases":["CVE-2016-5281"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k9d6-7kmg-rubt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/242?format=json","vulnerability_id":"VCID-nnkk-gjzm-s3ad","summary":"Use-after-free vulnerability when changing text direction.","references":[{"reference_url":"https://security.archlinux.org/ASA-201609-22","reference_id":"ASA-201609-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201609-22"},{"reference_url":"https://security.archlinux.org/AVG-24","reference_id":"AVG-24","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-24"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85","reference_id":"mfsa2016-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86","reference_id":"mfsa2016-86","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-88","reference_id":"mfsa2016-88","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-88"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1947?format=json","purl":"pkg:alpm/archlinux/firefox@49.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@49.0-1"}],"aliases":["CVE-2016-5280"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nnkk-gjzm-s3ad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/240?format=json","vulnerability_id":"VCID-pefk-5d4r-zfgp","summary":"A use-after-free vulnerability with web animations when destroying a timeline.","references":[{"reference_url":"https://security.archlinux.org/ASA-201609-22","reference_id":"ASA-201609-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201609-22"},{"reference_url":"https://security.archlinux.org/AVG-24","reference_id":"AVG-24","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-24"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85","reference_id":"mfsa2016-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86","reference_id":"mfsa2016-86","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-88","reference_id":"mfsa2016-88","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-88"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1947?format=json","purl":"pkg:alpm/archlinux/firefox@49.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@49.0-1"}],"aliases":["CVE-2016-5277"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pefk-5d4r-zfgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/237?format=json","vulnerability_id":"VCID-r8mm-erch-93gg","summary":"A bad cast when processing layout with input elements can result in a potentially exploitable crash.","references":[{"reference_url":"https://security.archlinux.org/ASA-201609-22","reference_id":"ASA-201609-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201609-22"},{"reference_url":"https://security.archlinux.org/AVG-24","reference_id":"AVG-24","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-24"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85","reference_id":"mfsa2016-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86","reference_id":"mfsa2016-86","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-88","reference_id":"mfsa2016-88","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-88"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1947?format=json","purl":"pkg:alpm/archlinux/firefox@49.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@49.0-1"}],"aliases":["CVE-2016-5272"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r8mm-erch-93gg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/244?format=json","vulnerability_id":"VCID-sw3r-xvra-zue6","summary":"Due to flaws in the process we used to update \"Preloaded Public Key Pinning\" in our releases, the pinning for add-on updates became ineffective in early September. An attacker who was able to get a mis-issued certificate for a Mozilla web site could send malicious add-on updates to users on networks controlled by the attacker. Users who have not installed any add-ons are not affected.","references":[{"reference_url":"https://security.archlinux.org/ASA-201609-22","reference_id":"ASA-201609-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201609-22"},{"reference_url":"https://security.archlinux.org/AVG-24","reference_id":"AVG-24","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-24"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85","reference_id":"mfsa2016-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86","reference_id":"mfsa2016-86","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-88","reference_id":"mfsa2016-88","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-88"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1947?format=json","purl":"pkg:alpm/archlinux/firefox@49.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@49.0-1"}],"aliases":["CVE-2016-5284"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sw3r-xvra-zue6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/241?format=json","vulnerability_id":"VCID-u7w2-v2us-1qaz","summary":"A potentially exploitable crash caused by a buffer overflow while encoding image frames to images.","references":[{"reference_url":"https://security.archlinux.org/ASA-201609-22","reference_id":"ASA-201609-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201609-22"},{"reference_url":"https://security.archlinux.org/AVG-24","reference_id":"AVG-24","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-24"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85","reference_id":"mfsa2016-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86","reference_id":"mfsa2016-86","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-88","reference_id":"mfsa2016-88","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-88"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1947?format=json","purl":"pkg:alpm/archlinux/firefox@49.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@49.0-1"}],"aliases":["CVE-2016-5278"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u7w2-v2us-1qaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/252?format=json","vulnerability_id":"VCID-vddw-w1vv-hucw","summary":"An out-of-bounds read during the processing of text runs in some pages using display:contents.","references":[{"reference_url":"https://security.archlinux.org/ASA-201609-22","reference_id":"ASA-201609-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201609-22"},{"reference_url":"https://security.archlinux.org/AVG-24","reference_id":"AVG-24","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-24"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85","reference_id":"mfsa2016-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1947?format=json","purl":"pkg:alpm/archlinux/firefox@49.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@49.0-1"}],"aliases":["CVE-2016-5271"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vddw-w1vv-hucw"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@49.0-1"}