{"url":"http://public2.vulnerablecode.io/api/packages/2276?format=json","purl":"pkg:alpm/archlinux/firefox@91.0-1","type":"alpm","namespace":"archlinux","name":"firefox","version":"91.0-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"91.0.1-1","latest_non_vulnerable_version":"101.0-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1393?format=json","vulnerability_id":"VCID-g7z8-217k-3ygy","summary":"Firefox incorrectly accepted a newline in a HTTP/3 header, interpreting it as two separate headers. This allowed for a header splitting attack against servers using HTTP/3.","references":[{"reference_url":"https://security.archlinux.org/AVG-2291","reference_id":"AVG-2291","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2291"},{"reference_url":"https://security.archlinux.org/AVG-2301","reference_id":"AVG-2301","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2301"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-37","reference_id":"mfsa2021-37","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2277?format=json","purl":"pkg:alpm/archlinux/firefox@91.0.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@91.0.1-1"}],"aliases":["CVE-2021-29991"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g7z8-217k-3ygy"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1273?format=json","vulnerability_id":"VCID-1cnr-28vc-sqcy","summary":"Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989"},{"reference_url":"https://security.archlinux.org/ASA-202108-14","reference_id":"ASA-202108-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-14"},{"reference_url":"https://security.archlinux.org/AVG-2269","reference_id":"AVG-2269","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2269"},{"reference_url":"https://security.archlinux.org/AVG-2270","reference_id":"AVG-2270","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2270"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33","reference_id":"mfsa2021-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34","reference_id":"mfsa2021-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35","reference_id":"mfsa2021-35","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36","reference_id":"mfsa2021-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2276?format=json","purl":"pkg:alpm/archlinux/firefox@91.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-g7z8-217k-3ygy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@91.0-1"}],"aliases":["CVE-2021-29980"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1cnr-28vc-sqcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1270?format=json","vulnerability_id":"VCID-5h5r-wcta-a7au","summary":"A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.*","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989"},{"reference_url":"https://security.archlinux.org/ASA-202108-14","reference_id":"ASA-202108-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-14"},{"reference_url":"https://security.archlinux.org/AVG-2269","reference_id":"AVG-2269","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2269"},{"reference_url":"https://security.archlinux.org/AVG-2270","reference_id":"AVG-2270","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2270"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33","reference_id":"mfsa2021-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34","reference_id":"mfsa2021-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35","reference_id":"mfsa2021-35","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36","reference_id":"mfsa2021-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2276?format=json","purl":"pkg:alpm/archlinux/firefox@91.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-g7z8-217k-3ygy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@91.0-1"}],"aliases":["CVE-2021-29986"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5h5r-wcta-a7au"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1317?format=json","vulnerability_id":"VCID-85sw-xvhm-nyhk","summary":"Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory.","references":[{"reference_url":"https://security.archlinux.org/ASA-202108-14","reference_id":"ASA-202108-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-14"},{"reference_url":"https://security.archlinux.org/AVG-2269","reference_id":"AVG-2269","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2269"},{"reference_url":"https://security.archlinux.org/AVG-2291","reference_id":"AVG-2291","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2291"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33","reference_id":"mfsa2021-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36","reference_id":"mfsa2021-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2276?format=json","purl":"pkg:alpm/archlinux/firefox@91.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-g7z8-217k-3ygy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@91.0-1"}],"aliases":["CVE-2021-29982"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-85sw-xvhm-nyhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1275?format=json","vulnerability_id":"VCID-918z-26zm-67hc","summary":"Mozilla developers Christoph Kerschbaumer, Simon Giesecke, Sandor Molnar, and Olli Pettay reported memory safety bugs present in Thunderbird 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989"},{"reference_url":"https://security.archlinux.org/ASA-202108-14","reference_id":"ASA-202108-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-14"},{"reference_url":"https://security.archlinux.org/AVG-2269","reference_id":"AVG-2269","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2269"},{"reference_url":"https://security.archlinux.org/AVG-2270","reference_id":"AVG-2270","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2270"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33","reference_id":"mfsa2021-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34","reference_id":"mfsa2021-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35","reference_id":"mfsa2021-35","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36","reference_id":"mfsa2021-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2276?format=json","purl":"pkg:alpm/archlinux/firefox@91.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-g7z8-217k-3ygy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@91.0-1"}],"aliases":["CVE-2021-29989"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-918z-26zm-67hc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1316?format=json","vulnerability_id":"VCID-agq3-2s95-wuey","summary":"After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to.*This bug only affects Thunderbird on Linux. Other operating systems are unaffected.*","references":[{"reference_url":"https://security.archlinux.org/ASA-202108-14","reference_id":"ASA-202108-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-14"},{"reference_url":"https://security.archlinux.org/AVG-2269","reference_id":"AVG-2269","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2269"},{"reference_url":"https://security.archlinux.org/AVG-2291","reference_id":"AVG-2291","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2291"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33","reference_id":"mfsa2021-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36","reference_id":"mfsa2021-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2276?format=json","purl":"pkg:alpm/archlinux/firefox@91.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-g7z8-217k-3ygy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@91.0-1"}],"aliases":["CVE-2021-29987"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-agq3-2s95-wuey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1315?format=json","vulnerability_id":"VCID-ak6t-tsyf-p3ga","summary":"An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash.","references":[{"reference_url":"https://security.archlinux.org/ASA-202108-14","reference_id":"ASA-202108-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-14"},{"reference_url":"https://security.archlinux.org/AVG-2269","reference_id":"AVG-2269","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2269"},{"reference_url":"https://security.archlinux.org/AVG-2291","reference_id":"AVG-2291","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2291"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33","reference_id":"mfsa2021-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36","reference_id":"mfsa2021-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2276?format=json","purl":"pkg:alpm/archlinux/firefox@91.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-g7z8-217k-3ygy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@91.0-1"}],"aliases":["CVE-2021-29981"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ak6t-tsyf-p3ga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1272?format=json","vulnerability_id":"VCID-n657-bctg-1few","summary":"Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989"},{"reference_url":"https://security.archlinux.org/ASA-202108-14","reference_id":"ASA-202108-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-14"},{"reference_url":"https://security.archlinux.org/AVG-2269","reference_id":"AVG-2269","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2269"},{"reference_url":"https://security.archlinux.org/AVG-2270","reference_id":"AVG-2270","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2270"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33","reference_id":"mfsa2021-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34","reference_id":"mfsa2021-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35","reference_id":"mfsa2021-35","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36","reference_id":"mfsa2021-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2276?format=json","purl":"pkg:alpm/archlinux/firefox@91.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-g7z8-217k-3ygy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@91.0-1"}],"aliases":["CVE-2021-29984"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n657-bctg-1few"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1397?format=json","vulnerability_id":"VCID-nsfp-1den-hbhv","summary":"Mozilla developers and community members Kershaw Chang, Philipp, Chris Peterson, and Sebastian Hengst reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.","references":[{"reference_url":"https://security.archlinux.org/ASA-202108-14","reference_id":"ASA-202108-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-14"},{"reference_url":"https://security.archlinux.org/AVG-2269","reference_id":"AVG-2269","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2269"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33","reference_id":"mfsa2021-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2276?format=json","purl":"pkg:alpm/archlinux/firefox@91.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-g7z8-217k-3ygy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@91.0-1"}],"aliases":["CVE-2021-29990"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nsfp-1den-hbhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1271?format=json","vulnerability_id":"VCID-wqye-9ny7-e7a3","summary":"Thunderbird incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989"},{"reference_url":"https://security.archlinux.org/ASA-202108-14","reference_id":"ASA-202108-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-14"},{"reference_url":"https://security.archlinux.org/AVG-2269","reference_id":"AVG-2269","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2269"},{"reference_url":"https://security.archlinux.org/AVG-2270","reference_id":"AVG-2270","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2270"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33","reference_id":"mfsa2021-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34","reference_id":"mfsa2021-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35","reference_id":"mfsa2021-35","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36","reference_id":"mfsa2021-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2276?format=json","purl":"pkg:alpm/archlinux/firefox@91.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-g7z8-217k-3ygy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@91.0-1"}],"aliases":["CVE-2021-29988"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wqye-9ny7-e7a3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1274?format=json","vulnerability_id":"VCID-yny3-7vjj-kyga","summary":"A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29980"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29985"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29986"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29988"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29989"},{"reference_url":"https://security.archlinux.org/ASA-202108-14","reference_id":"ASA-202108-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-14"},{"reference_url":"https://security.archlinux.org/AVG-2269","reference_id":"AVG-2269","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2269"},{"reference_url":"https://security.archlinux.org/AVG-2270","reference_id":"AVG-2270","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2270"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33","reference_id":"mfsa2021-33","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34","reference_id":"mfsa2021-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-34"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35","reference_id":"mfsa2021-35","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36","reference_id":"mfsa2021-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2276?format=json","purl":"pkg:alpm/archlinux/firefox@91.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-g7z8-217k-3ygy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@91.0-1"}],"aliases":["CVE-2021-29985"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yny3-7vjj-kyga"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@91.0-1"}