{"url":"http://public2.vulnerablecode.io/api/packages/358694?format=json","purl":"pkg:apk/alpine/firefox@70.0-r0?arch=armv7&distroversion=v3.20&reponame=community","type":"apk","namespace":"alpine","name":"firefox","version":"70.0-r0","qualifiers":{"arch":"armv7","distroversion":"v3.20","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"71.0.1-r0","latest_non_vulnerable_version":"119.0-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1667?format=json","vulnerability_id":"VCID-7e46-y8em-yudq","summary":"A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-2019-17000.*Note: This flaw only affected Firefox 69 and was not present in earlier versions.*","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17001","reference_id":"","reference_type":"","scores":[{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52399","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52459","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17001"},{"reference_url":"https://security.archlinux.org/ASA-201910-16","reference_id":"ASA-201910-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201910-16"},{"reference_url":"https://security.archlinux.org/AVG-1055","reference_id":"AVG-1055","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1055"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-34","reference_id":"mfsa2019-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-34"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/358694?format=json","purl":"pkg:apk/alpine/firefox@70.0-r0?arch=armv7&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox@70.0-r0%3Farch=armv7&distroversion=v3.20&reponame=community"}],"aliases":["CVE-2019-17001"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7e46-y8em-yudq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1591?format=json","vulnerability_id":"VCID-b5fq-qdud-dfb9","summary":"By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11761.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11761.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11761","reference_id":"","reference_type":"","scores":[{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.62002","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61952","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11755","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11755"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1764442","reference_id":"1764442","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1764442"},{"reference_url":"https://security.archlinux.org/ASA-201910-15","reference_id":"ASA-201910-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201910-15"},{"reference_url":"https://security.archlinux.org/ASA-201910-16","reference_id":"ASA-201910-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201910-16"},{"reference_url":"https://security.archlinux.org/AVG-1054","reference_id":"AVG-1054","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1054"},{"reference_url":"https://security.archlinux.org/AVG-1055","reference_id":"AVG-1055","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1055"},{"reference_url":"https://security.gentoo.org/glsa/202003-10","reference_id":"GLSA-202003-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-33","reference_id":"mfsa2019-33","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-34","reference_id":"mfsa2019-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-34"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-35","reference_id":"mfsa2019-35","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-35"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3193","reference_id":"RHSA-2019:3193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3196","reference_id":"RHSA-2019:3196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3210","reference_id":"RHSA-2019:3210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3237","reference_id":"RHSA-2019:3237","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3237"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3281","reference_id":"RHSA-2019:3281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3756","reference_id":"RHSA-2019:3756","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3756"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/358694?format=json","purl":"pkg:apk/alpine/firefox@70.0-r0?arch=armv7&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox@70.0-r0%3Farch=armv7&distroversion=v3.20&reponame=community"}],"aliases":["CVE-2019-11761"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b5fq-qdud-dfb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1590?format=json","vulnerability_id":"VCID-bymc-339x-hqd2","summary":"A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11760.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11760.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11760","reference_id":"","reference_type":"","scores":[{"value":"0.01271","scoring_system":"epss","scoring_elements":"0.79867","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01271","scoring_system":"epss","scoring_elements":"0.79842","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11755","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11755"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1764441","reference_id":"1764441","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1764441"},{"reference_url":"https://security.archlinux.org/ASA-201910-15","reference_id":"ASA-201910-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201910-15"},{"reference_url":"https://security.archlinux.org/ASA-201910-16","reference_id":"ASA-201910-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201910-16"},{"reference_url":"https://security.archlinux.org/AVG-1054","reference_id":"AVG-1054","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1054"},{"reference_url":"https://security.archlinux.org/AVG-1055","reference_id":"AVG-1055","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1055"},{"reference_url":"https://security.gentoo.org/glsa/202003-10","reference_id":"GLSA-202003-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-33","reference_id":"mfsa2019-33","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-34","reference_id":"mfsa2019-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-34"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-35","reference_id":"mfsa2019-35","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-35"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3193","reference_id":"RHSA-2019:3193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3196","reference_id":"RHSA-2019:3196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3210","reference_id":"RHSA-2019:3210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3237","reference_id":"RHSA-2019:3237","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3237"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3281","reference_id":"RHSA-2019:3281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3756","reference_id":"RHSA-2019:3756","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3756"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/358694?format=json","purl":"pkg:apk/alpine/firefox@70.0-r0?arch=armv7&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox@70.0-r0%3Farch=armv7&distroversion=v3.20&reponame=community"}],"aliases":["CVE-2019-11760"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bymc-339x-hqd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1662?format=json","vulnerability_id":"VCID-bznz-baya-hbbw","summary":"Incorrect derivation of a packet length in WebRTC caused heap corruption via a crafted video file. This resulted in a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6156.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6156.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6156","reference_id":"","reference_type":"","scores":[{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64972","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.65015","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6156"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17460"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17461","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17461"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4117","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4117"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6150","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6150"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6151","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6151"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6152","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6152"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6153","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6153"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6154","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6154"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6155","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6155"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6156","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6156"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6157","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6158","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6158"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6159","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6159"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6161","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6162","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6162"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6163","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6163"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6165","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6165"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6166","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6167","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6167"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6168","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6168"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6170","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6170"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6171","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6171"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6172","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6172"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6173","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6173"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6174","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6174"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6175","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6175"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6176","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6176"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6177","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6177"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6178","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6178"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6179","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6179"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1608180","reference_id":"1608180","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1608180"},{"reference_url":"https://security.archlinux.org/ASA-201910-16","reference_id":"ASA-201910-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201910-16"},{"reference_url":"https://security.archlinux.org/AVG-1055","reference_id":"AVG-1055","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1055"},{"reference_url":"https://security.gentoo.org/glsa/201808-01","reference_id":"GLSA-201808-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201808-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-34","reference_id":"mfsa2019-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-34"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2282","reference_id":"RHSA-2018:2282","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2282"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/358694?format=json","purl":"pkg:apk/alpine/firefox@70.0-r0?arch=armv7&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox@70.0-r0%3Farch=armv7&distroversion=v3.20&reponame=community"}],"aliases":["CVE-2018-6156"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bznz-baya-hbbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1594?format=json","vulnerability_id":"VCID-herb-32az-vub9","summary":"Mozilla developers and community members Bob Clary, Jason Kratzer, Aaron Klotz, Iain Ireland, Tyson Smith, Christian Holler, Steve Fink, Honza Bambas, Byron Campen, and Cristian Brindusan reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11764.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11764.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11764","reference_id":"","reference_type":"","scores":[{"value":"0.00934","scoring_system":"epss","scoring_elements":"0.76552","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00934","scoring_system":"epss","scoring_elements":"0.76523","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11755","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11755"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1764446","reference_id":"1764446","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1764446"},{"reference_url":"https://security.archlinux.org/ASA-201910-15","reference_id":"ASA-201910-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201910-15"},{"reference_url":"https://security.archlinux.org/ASA-201910-16","reference_id":"ASA-201910-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201910-16"},{"reference_url":"https://security.archlinux.org/AVG-1054","reference_id":"AVG-1054","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1054"},{"reference_url":"https://security.archlinux.org/AVG-1055","reference_id":"AVG-1055","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1055"},{"reference_url":"https://security.gentoo.org/glsa/202003-10","reference_id":"GLSA-202003-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-33","reference_id":"mfsa2019-33","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-34","reference_id":"mfsa2019-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-34"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-35","reference_id":"mfsa2019-35","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-35"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3193","reference_id":"RHSA-2019:3193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3196","reference_id":"RHSA-2019:3196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3210","reference_id":"RHSA-2019:3210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3237","reference_id":"RHSA-2019:3237","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3237"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3281","reference_id":"RHSA-2019:3281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3756","reference_id":"RHSA-2019:3756","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3756"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/358694?format=json","purl":"pkg:apk/alpine/firefox@70.0-r0?arch=armv7&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox@70.0-r0%3Farch=armv7&distroversion=v3.20&reponame=community"}],"aliases":["CVE-2019-11764"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-herb-32az-vub9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1668?format=json","vulnerability_id":"VCID-ssve-9dr8-xfbc","summary":"If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17002","reference_id":"","reference_type":"","scores":[{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40151","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40234","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17002"},{"reference_url":"https://security.archlinux.org/ASA-201910-16","reference_id":"ASA-201910-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201910-16"},{"reference_url":"https://security.archlinux.org/AVG-1055","reference_id":"AVG-1055","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1055"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-34","reference_id":"mfsa2019-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-34"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/358694?format=json","purl":"pkg:apk/alpine/firefox@70.0-r0?arch=armv7&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox@70.0-r0%3Farch=armv7&distroversion=v3.20&reponame=community"}],"aliases":["CVE-2019-17002"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ssve-9dr8-xfbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1666?format=json","vulnerability_id":"VCID-ukhg-vp41-z3dr","summary":"An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document's policy explicitly allowed data: URIs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17000","reference_id":"","reference_type":"","scores":[{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.37019","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00163","scoring_system":"epss","scoring_elements":"0.3711","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17000"},{"reference_url":"https://security.archlinux.org/ASA-201910-16","reference_id":"ASA-201910-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201910-16"},{"reference_url":"https://security.archlinux.org/AVG-1055","reference_id":"AVG-1055","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1055"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-34","reference_id":"mfsa2019-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-34"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/358694?format=json","purl":"pkg:apk/alpine/firefox@70.0-r0?arch=armv7&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox@70.0-r0%3Farch=armv7&distroversion=v3.20&reponame=community"}],"aliases":["CVE-2019-17000"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ukhg-vp41-z3dr"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/firefox@70.0-r0%3Farch=armv7&distroversion=v3.20&reponame=community"}