{"url":"http://public2.vulnerablecode.io/api/packages/371491?format=json","purl":"pkg:alpm/archlinux/firefox@56.0.2-1","type":"alpm","namespace":"archlinux","name":"firefox","version":"56.0.2-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"57.0-1","latest_non_vulnerable_version":"101.0-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51568?format=json","vulnerability_id":"VCID-2xza-hhmr-5ybw","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird,\n    the worst of which could lead to the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7826.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7826.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7826","reference_id":"","reference_type":"","scores":[{"value":"0.02383","scoring_system":"epss","scoring_elements":"0.85114","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02383","scoring_system":"epss","scoring_elements":"0.85001","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02383","scoring_system":"epss","scoring_elements":"0.85022","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02383","scoring_system":"epss","scoring_elements":"0.85024","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02383","scoring_system":"epss","scoring_elements":"0.85021","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02383","scoring_system":"epss","scoring_elements":"0.85046","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02383","scoring_system":"epss","scoring_elements":"0.85055","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02383","scoring_system":"epss","scoring_elements":"0.85053","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02383","scoring_system":"epss","scoring_elements":"0.85069","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02383","scoring_system":"epss","scoring_elements":"0.85093","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02383","scoring_system":"epss","scoring_elements":"0.84923","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02383","scoring_system":"epss","scoring_elements":"0.84939","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02383","scoring_system":"epss","scoring_elements":"0.84956","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02383","scoring_system":"epss","scoring_elements":"0.84961","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02383","scoring_system":"epss","scoring_elements":"0.84984","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02383","scoring_system":"epss","scoring_elements":"0.84991","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02383","scoring_system":"epss","scoring_elements":"0.85006","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02383","scoring_system":"epss","scoring_elements":"0.85005","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7826"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1394530%2C1369561%2C1411458%2C1400003%2C1395138%2C1408412%2C1393840%2C1400763%2C1339259%2C1394265%2C1407740%2C1407751%2C1408005%2C1406398%2C1387799%2C1261175%2C1400554%2C1375146%2C1397811%2C1404636%2C1401804","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1394530%2C1369561%2C1411458%2C1400003%2C1395138%2C1408412%2C1393840%2C1400763%2C1339259%2C1394265%2C1407740%2C1407751%2C1408005%2C1406398%2C1387799%2C1261175%2C1400554%2C1375146%2C1397811%2C1404636%2C1401804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7826","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7826"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7846","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7846"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7847","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7847"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7848","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7848"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html"},{"reference_url":"https://www.debian.org/security/2017/dsa-4035","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-4035"},{"reference_url":"https://www.debian.org/security/2017/dsa-4061","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-4061"},{"reference_url":"https://www.debian.org/security/2017/dsa-4075","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-4075"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-24/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-24/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-25/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-25/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-26/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-26/"},{"reference_url":"http://www.securityfocus.com/bid/101832","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101832"},{"reference_url":"http://www.securitytracker.com/id/1039803","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039803"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1513308","reference_id":"1513308","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1513308"},{"reference_url":"https://security.archlinux.org/ASA-201711-23","reference_id":"ASA-201711-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-23"},{"reference_url":"https://security.archlinux.org/ASA-201711-43","reference_id":"ASA-201711-43","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-43"},{"reference_url":"https://security.archlinux.org/AVG-494","reference_id":"AVG-494","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-494"},{"reference_url":"https://security.archlinux.org/AVG-530","reference_id":"AVG-530","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-530"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7826","reference_id":"CVE-2017-7826","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:C/I:C/A:C"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7826"},{"reference_url":"https://security.gentoo.org/glsa/201803-14","reference_id":"GLSA-201803-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201803-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-24","reference_id":"mfsa2017-24","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-24"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-25","reference_id":"mfsa2017-25","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-26","reference_id":"mfsa2017-26","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-26"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3247","reference_id":"RHSA-2017:3247","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3247"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3372","reference_id":"RHSA-2017:3372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3372"},{"reference_url":"https://usn.ubuntu.com/3477-1/","reference_id":"USN-3477-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3477-1/"},{"reference_url":"https://usn.ubuntu.com/3490-1/","reference_id":"USN-3490-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3490-1/"},{"reference_url":"https://usn.ubuntu.com/3688-1/","reference_id":"USN-3688-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3688-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371492?format=json","purl":"pkg:alpm/archlinux/firefox@57.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1"}],"aliases":["CVE-2017-7826"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2xza-hhmr-5ybw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62868?format=json","vulnerability_id":"VCID-4437-azu7-hyhb","summary":"Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character will not be visible to most viewers. This allows for domain spoofing attacks because these combined domain names do not display as punycode.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7833","reference_id":"","reference_type":"","scores":[{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77895","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.7769","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77819","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77834","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77846","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77876","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77697","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77724","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77707","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77735","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.7774","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77766","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.7775","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77749","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77786","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77785","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77778","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77811","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7833"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1370497","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1370497"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-24/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-24/"},{"reference_url":"http://www.securityfocus.com/bid/101832","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101832"},{"reference_url":"http://www.securitytracker.com/id/1039803","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039803"},{"reference_url":"https://security.archlinux.org/ASA-201711-23","reference_id":"ASA-201711-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-23"},{"reference_url":"https://security.archlinux.org/AVG-494","reference_id":"AVG-494","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-494"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7833","reference_id":"CVE-2017-7833","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7833"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-24","reference_id":"mfsa2017-24","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-24"},{"reference_url":"https://usn.ubuntu.com/3477-1/","reference_id":"USN-3477-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3477-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371492?format=json","purl":"pkg:alpm/archlinux/firefox@57.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1"}],"aliases":["CVE-2017-7833"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4437-azu7-hyhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62874?format=json","vulnerability_id":"VCID-6a4w-c6p8-affn","summary":"Control characters prepended before javascript: URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks where users are convinced to copy and paste text into the addressbar.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7839","reference_id":"","reference_type":"","scores":[{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.7048","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.7028","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70427","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70436","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70408","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70449","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70293","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.7031","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70288","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70333","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70348","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70371","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70356","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70342","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70385","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70395","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70375","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7839"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1402896","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1402896"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-24/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-24/"},{"reference_url":"http://www.securityfocus.com/bid/101832","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101832"},{"reference_url":"http://www.securitytracker.com/id/1039803","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039803"},{"reference_url":"https://security.archlinux.org/ASA-201711-23","reference_id":"ASA-201711-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-23"},{"reference_url":"https://security.archlinux.org/AVG-494","reference_id":"AVG-494","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-494"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7839","reference_id":"CVE-2017-7839","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7839"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-24","reference_id":"mfsa2017-24","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-24"},{"reference_url":"https://usn.ubuntu.com/3477-1/","reference_id":"USN-3477-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3477-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371492?format=json","purl":"pkg:alpm/archlinux/firefox@57.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1"}],"aliases":["CVE-2017-7839"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6a4w-c6p8-affn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62877?format=json","vulnerability_id":"VCID-7xac-5zdj-9fgk","summary":"Mozilla developers and community members Boris Zbarsky, Carsten Book, Christian Holler, Byron Campen, Jan de Mooij, Jason Kratzer, Jesse Schwartzentruber, Marcia Knous, Randell Jesup, Tyson Smith, and Ting-Yu Chou reported memory safety bugs present in Firefox 56. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7827","reference_id":"","reference_type":"","scores":[{"value":"0.02127","scoring_system":"epss","scoring_elements":"0.84173","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02127","scoring_system":"epss","scoring_elements":"0.84094","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02127","scoring_system":"epss","scoring_elements":"0.84185","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02127","scoring_system":"epss","scoring_elements":"0.84162","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02127","scoring_system":"epss","scoring_elements":"0.84167","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02127","scoring_system":"epss","scoring_elements":"0.84107","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02127","scoring_system":"epss","scoring_elements":"0.84124","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02127","scoring_system":"epss","scoring_elements":"0.84127","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02127","scoring_system":"epss","scoring_elements":"0.84149","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02127","scoring_system":"epss","scoring_elements":"0.84155","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02566","scoring_system":"epss","scoring_elements":"0.85646","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02566","scoring_system":"epss","scoring_elements":"0.85579","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02566","scoring_system":"epss","scoring_elements":"0.85588","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02566","scoring_system":"epss","scoring_elements":"0.85605","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02566","scoring_system":"epss","scoring_elements":"0.85628","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02566","scoring_system":"epss","scoring_elements":"0.85561","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02566","scoring_system":"epss","scoring_elements":"0.85557","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7827"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1399922%2C1403646%2C1403716%2C1365894%2C1402876%2C1406154%2C1384121%2C1384615%2C1407375%2C1339485%2C1361432%2C1394031%2C1383019%2C1407032%2C1387845%2C1386490","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1399922%2C1403646%2C1403716%2C1365894%2C1402876%2C1406154%2C1384121%2C1384615%2C1407375%2C1339485%2C1361432%2C1394031%2C1383019%2C1407032%2C1387845%2C1386490"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-24/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-24/"},{"reference_url":"http://www.securityfocus.com/bid/101832","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101832"},{"reference_url":"http://www.securitytracker.com/id/1039803","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039803"},{"reference_url":"https://security.archlinux.org/ASA-201711-23","reference_id":"ASA-201711-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-23"},{"reference_url":"https://security.archlinux.org/AVG-494","reference_id":"AVG-494","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-494"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7827","reference_id":"CVE-2017-7827","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:C/I:C/A:C"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7827"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-24","reference_id":"mfsa2017-24","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-24"},{"reference_url":"https://usn.ubuntu.com/3477-1/","reference_id":"USN-3477-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3477-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371492?format=json","purl":"pkg:alpm/archlinux/firefox@57.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1"}],"aliases":["CVE-2017-7827"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7xac-5zdj-9fgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62870?format=json","vulnerability_id":"VCID-bk86-keag-kfg8","summary":"Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7835","reference_id":"","reference_type":"","scores":[{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71298","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71099","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.7124","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71243","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71226","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71263","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71108","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71126","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71101","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71143","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71155","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71179","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71164","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71147","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71193","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.712","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71178","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00662","scoring_system":"epss","scoring_elements":"0.71232","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7835"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1402363","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1402363"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-24/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-24/"},{"reference_url":"http://www.securityfocus.com/bid/101832","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101832"},{"reference_url":"http://www.securitytracker.com/id/1039803","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039803"},{"reference_url":"https://security.archlinux.org/ASA-201711-23","reference_id":"ASA-201711-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-23"},{"reference_url":"https://security.archlinux.org/AVG-494","reference_id":"AVG-494","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-494"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7835","reference_id":"CVE-2017-7835","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7835"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-24","reference_id":"mfsa2017-24","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-24"},{"reference_url":"https://usn.ubuntu.com/3477-1/","reference_id":"USN-3477-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3477-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371492?format=json","purl":"pkg:alpm/archlinux/firefox@57.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1"}],"aliases":["CVE-2017-7835"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bk86-keag-kfg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62872?format=json","vulnerability_id":"VCID-dhyh-m8p3-ebdq","summary":"SVG loaded through <img> tags can use <meta> tags within the SVG data to set cookies for that page.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7837","reference_id":"","reference_type":"","scores":[{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76901","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76719","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76852","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76864","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76854","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76884","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76722","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76751","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76733","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76764","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76775","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76804","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76784","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76776","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76817","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76822","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76814","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76845","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7837"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1325923","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1325923"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-24/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-24/"},{"reference_url":"http://www.securityfocus.com/bid/101832","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101832"},{"reference_url":"http://www.securitytracker.com/id/1039803","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039803"},{"reference_url":"https://security.archlinux.org/ASA-201711-23","reference_id":"ASA-201711-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-23"},{"reference_url":"https://security.archlinux.org/AVG-494","reference_id":"AVG-494","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-494"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7837","reference_id":"CVE-2017-7837","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7837"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-24","reference_id":"mfsa2017-24","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-24"},{"reference_url":"https://usn.ubuntu.com/3477-1/","reference_id":"USN-3477-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3477-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371492?format=json","purl":"pkg:alpm/archlinux/firefox@57.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1"}],"aliases":["CVE-2017-7837"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dhyh-m8p3-ebdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62867?format=json","vulnerability_id":"VCID-e4pk-uyeh-xfgk","summary":"The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for domain spoofing attacks because these combined domain names do not display as punycode.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7832","reference_id":"","reference_type":"","scores":[{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76901","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76719","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76852","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76864","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76854","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76884","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76722","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76751","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76733","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76764","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76775","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76804","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76784","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76776","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76817","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76822","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76814","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00981","scoring_system":"epss","scoring_elements":"0.76845","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7832"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1408782","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1408782"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-24/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-24/"},{"reference_url":"http://www.securityfocus.com/bid/101832","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101832"},{"reference_url":"http://www.securitytracker.com/id/1039803","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039803"},{"reference_url":"https://security.archlinux.org/ASA-201711-23","reference_id":"ASA-201711-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-23"},{"reference_url":"https://security.archlinux.org/AVG-494","reference_id":"AVG-494","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-494"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7832","reference_id":"CVE-2017-7832","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7832"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-24","reference_id":"mfsa2017-24","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-24"},{"reference_url":"https://usn.ubuntu.com/3477-1/","reference_id":"USN-3477-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3477-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371492?format=json","purl":"pkg:alpm/archlinux/firefox@57.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1"}],"aliases":["CVE-2017-7832"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e4pk-uyeh-xfgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51571?format=json","vulnerability_id":"VCID-ebzs-h9p8-tbb4","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird,\n    the worst of which could lead to the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7830.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7830.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7830","reference_id":"","reference_type":"","scores":[{"value":"0.00862","scoring_system":"epss","scoring_elements":"0.75198","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00862","scoring_system":"epss","scoring_elements":"0.75056","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00862","scoring_system":"epss","scoring_elements":"0.75093","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00862","scoring_system":"epss","scoring_elements":"0.75101","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00862","scoring_system":"epss","scoring_elements":"0.75091","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00862","scoring_system":"epss","scoring_elements":"0.75129","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00862","scoring_system":"epss","scoring_elements":"0.75133","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00862","scoring_system":"epss","scoring_elements":"0.75137","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00862","scoring_system":"epss","scoring_elements":"0.75146","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00862","scoring_system":"epss","scoring_elements":"0.75173","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00862","scoring_system":"epss","scoring_elements":"0.75012","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00862","scoring_system":"epss","scoring_elements":"0.75014","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00862","scoring_system":"epss","scoring_elements":"0.75043","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00862","scoring_system":"epss","scoring_elements":"0.75019","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00862","scoring_system":"epss","scoring_elements":"0.75053","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00862","scoring_system":"epss","scoring_elements":"0.75065","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00862","scoring_system":"epss","scoring_elements":"0.75087","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00862","scoring_system":"epss","scoring_elements":"0.75066","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7830"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1408990","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1408990"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7826","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7826"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7846","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7846"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7847","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7847"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7848","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7848"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html"},{"reference_url":"https://www.debian.org/security/2017/dsa-4035","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-4035"},{"reference_url":"https://www.debian.org/security/2017/dsa-4061","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-4061"},{"reference_url":"https://www.debian.org/security/2017/dsa-4075","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-4075"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-24/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-24/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-25/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-25/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-26/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-26/"},{"reference_url":"http://www.securityfocus.com/bid/101832","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101832"},{"reference_url":"http://www.securitytracker.com/id/1039803","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039803"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1513311","reference_id":"1513311","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1513311"},{"reference_url":"https://security.archlinux.org/ASA-201711-23","reference_id":"ASA-201711-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-23"},{"reference_url":"https://security.archlinux.org/ASA-201711-43","reference_id":"ASA-201711-43","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-43"},{"reference_url":"https://security.archlinux.org/AVG-494","reference_id":"AVG-494","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-494"},{"reference_url":"https://security.archlinux.org/AVG-530","reference_id":"AVG-530","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-530"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7830","reference_id":"CVE-2017-7830","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7830"},{"reference_url":"https://security.gentoo.org/glsa/201803-14","reference_id":"GLSA-201803-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201803-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-24","reference_id":"mfsa2017-24","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-24"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-25","reference_id":"mfsa2017-25","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-26","reference_id":"mfsa2017-26","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-26"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3247","reference_id":"RHSA-2017:3247","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3247"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3372","reference_id":"RHSA-2017:3372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3372"},{"reference_url":"https://usn.ubuntu.com/3477-1/","reference_id":"USN-3477-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3477-1/"},{"reference_url":"https://usn.ubuntu.com/3490-1/","reference_id":"USN-3490-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3490-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371492?format=json","purl":"pkg:alpm/archlinux/firefox@57.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1"}],"aliases":["CVE-2017-7830"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ebzs-h9p8-tbb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62869?format=json","vulnerability_id":"VCID-gkrs-1aat-efhf","summary":"A data: URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when data: documents also inherited the context of the original page this would allow for potential cross-site scripting (XSS) attacks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7834","reference_id":"","reference_type":"","scores":[{"value":"0.00984","scoring_system":"epss","scoring_elements":"0.76934","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00984","scoring_system":"epss","scoring_elements":"0.76748","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00984","scoring_system":"epss","scoring_elements":"0.76885","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00984","scoring_system":"epss","scoring_elements":"0.76897","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00984","scoring_system":"epss","scoring_elements":"0.76887","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00984","scoring_system":"epss","scoring_elements":"0.76917","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00984","scoring_system":"epss","scoring_elements":"0.76752","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00984","scoring_system":"epss","scoring_elements":"0.76781","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00984","scoring_system":"epss","scoring_elements":"0.76762","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00984","scoring_system":"epss","scoring_elements":"0.76793","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00984","scoring_system":"epss","scoring_elements":"0.76804","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00984","scoring_system":"epss","scoring_elements":"0.76833","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00984","scoring_system":"epss","scoring_elements":"0.76812","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00984","scoring_system":"epss","scoring_elements":"0.76806","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00984","scoring_system":"epss","scoring_elements":"0.76849","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00984","scoring_system":"epss","scoring_elements":"0.76854","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00984","scoring_system":"epss","scoring_elements":"0.76845","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00984","scoring_system":"epss","scoring_elements":"0.76877","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7834"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1358009","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1358009"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-24/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-24/"},{"reference_url":"http://www.securityfocus.com/bid/101832","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101832"},{"reference_url":"http://www.securitytracker.com/id/1039803","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039803"},{"reference_url":"https://security.archlinux.org/ASA-201711-23","reference_id":"ASA-201711-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-23"},{"reference_url":"https://security.archlinux.org/AVG-494","reference_id":"AVG-494","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-494"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7834","reference_id":"CVE-2017-7834","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7834"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-24","reference_id":"mfsa2017-24","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-24"},{"reference_url":"https://usn.ubuntu.com/3477-1/","reference_id":"USN-3477-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3477-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371492?format=json","purl":"pkg:alpm/archlinux/firefox@57.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1"}],"aliases":["CVE-2017-7834"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gkrs-1aat-efhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62873?format=json","vulnerability_id":"VCID-ka31-epgw-2kcq","summary":"Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited spoofing attacks due to user confusion.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7838","reference_id":"","reference_type":"","scores":[{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77895","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.7769","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77819","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77834","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77846","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77876","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77697","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77724","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77707","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77735","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.7774","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77766","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.7775","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77749","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77786","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77785","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77778","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77811","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7838"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1399540","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1399540"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-24/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-24/"},{"reference_url":"http://www.securityfocus.com/bid/101832","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101832"},{"reference_url":"http://www.securitytracker.com/id/1039803","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039803"},{"reference_url":"https://security.archlinux.org/ASA-201711-23","reference_id":"ASA-201711-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-23"},{"reference_url":"https://security.archlinux.org/AVG-494","reference_id":"AVG-494","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-494"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7838","reference_id":"CVE-2017-7838","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7838"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-24","reference_id":"mfsa2017-24","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-24"},{"reference_url":"https://usn.ubuntu.com/3477-1/","reference_id":"USN-3477-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3477-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371492?format=json","purl":"pkg:alpm/archlinux/firefox@57.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1"}],"aliases":["CVE-2017-7838"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ka31-epgw-2kcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62866?format=json","vulnerability_id":"VCID-kg3p-hut6-47f6","summary":"A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated _exposedProps_ mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7831","reference_id":"","reference_type":"","scores":[{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56054","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.55929","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56019","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.55995","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.55946","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.55993","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.5604","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56061","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56039","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.5609","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56094","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56105","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56082","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56065","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.561","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56102","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.56073","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00331","scoring_system":"epss","scoring_elements":"0.55999","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7831"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1392026","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1392026"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-24/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-24/"},{"reference_url":"http://www.securityfocus.com/bid/101832","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101832"},{"reference_url":"http://www.securitytracker.com/id/1039803","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039803"},{"reference_url":"https://security.archlinux.org/ASA-201711-23","reference_id":"ASA-201711-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-23"},{"reference_url":"https://security.archlinux.org/AVG-494","reference_id":"AVG-494","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-494"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7831","reference_id":"CVE-2017-7831","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7831"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-24","reference_id":"mfsa2017-24","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-24"},{"reference_url":"https://usn.ubuntu.com/3477-1/","reference_id":"USN-3477-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3477-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371492?format=json","purl":"pkg:alpm/archlinux/firefox@57.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1"}],"aliases":["CVE-2017-7831"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kg3p-hut6-47f6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62875?format=json","vulnerability_id":"VCID-qc2y-5tzg-ruav","summary":"JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks if users were convinced to add malicious tags to bookmarks, export them, and then open the resulting file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7840","reference_id":"","reference_type":"","scores":[{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.7048","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.7028","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70427","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70436","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70408","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70449","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70293","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.7031","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70288","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70333","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70348","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70371","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70356","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70342","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70385","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70395","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70375","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7840"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1366420","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1366420"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-24/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-24/"},{"reference_url":"http://www.securityfocus.com/bid/101832","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101832"},{"reference_url":"http://www.securitytracker.com/id/1039803","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039803"},{"reference_url":"https://security.archlinux.org/ASA-201711-23","reference_id":"ASA-201711-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-23"},{"reference_url":"https://security.archlinux.org/AVG-494","reference_id":"AVG-494","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-494"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7840","reference_id":"CVE-2017-7840","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7840"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-24","reference_id":"mfsa2017-24","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-24"},{"reference_url":"https://usn.ubuntu.com/3477-1/","reference_id":"USN-3477-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3477-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371492?format=json","purl":"pkg:alpm/archlinux/firefox@57.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1"}],"aliases":["CVE-2017-7840"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qc2y-5tzg-ruav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51569?format=json","vulnerability_id":"VCID-wwjw-cqjk-8qe2","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird,\n    the worst of which could lead to the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7828.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7828.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7828","reference_id":"","reference_type":"","scores":[{"value":"0.28905","scoring_system":"epss","scoring_elements":"0.96595","published_at":"2026-05-09T12:55:00Z"},{"value":"0.28905","scoring_system":"epss","scoring_elements":"0.96562","published_at":"2026-04-13T12:55:00Z"},{"value":"0.28905","scoring_system":"epss","scoring_elements":"0.96568","published_at":"2026-04-16T12:55:00Z"},{"value":"0.28905","scoring_system":"epss","scoring_elements":"0.96574","published_at":"2026-04-18T12:55:00Z"},{"value":"0.28905","scoring_system":"epss","scoring_elements":"0.96577","published_at":"2026-04-21T12:55:00Z"},{"value":"0.28905","scoring_system":"epss","scoring_elements":"0.96578","published_at":"2026-04-24T12:55:00Z"},{"value":"0.28905","scoring_system":"epss","scoring_elements":"0.96579","published_at":"2026-04-26T12:55:00Z"},{"value":"0.28905","scoring_system":"epss","scoring_elements":"0.9658","published_at":"2026-04-29T12:55:00Z"},{"value":"0.28905","scoring_system":"epss","scoring_elements":"0.96588","published_at":"2026-05-05T12:55:00Z"},{"value":"0.28905","scoring_system":"epss","scoring_elements":"0.9659","published_at":"2026-05-07T12:55:00Z"},{"value":"0.28905","scoring_system":"epss","scoring_elements":"0.9653","published_at":"2026-04-01T12:55:00Z"},{"value":"0.28905","scoring_system":"epss","scoring_elements":"0.96538","published_at":"2026-04-02T12:55:00Z"},{"value":"0.28905","scoring_system":"epss","scoring_elements":"0.96544","published_at":"2026-04-04T12:55:00Z"},{"value":"0.28905","scoring_system":"epss","scoring_elements":"0.96546","published_at":"2026-04-07T12:55:00Z"},{"value":"0.28905","scoring_system":"epss","scoring_elements":"0.96554","published_at":"2026-04-08T12:55:00Z"},{"value":"0.28905","scoring_system":"epss","scoring_elements":"0.96556","published_at":"2026-04-09T12:55:00Z"},{"value":"0.28905","scoring_system":"epss","scoring_elements":"0.96559","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7828"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1406750","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1406750"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1412252","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1412252"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7826","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7826"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7828"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7830","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7830"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7846","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7846"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7847","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7847"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7848","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7848"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html"},{"reference_url":"https://www.debian.org/security/2017/dsa-4035","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-4035"},{"reference_url":"https://www.debian.org/security/2017/dsa-4061","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-4061"},{"reference_url":"https://www.debian.org/security/2017/dsa-4075","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-4075"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-24/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-24/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-25/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-25/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-26/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-26/"},{"reference_url":"http://www.securityfocus.com/bid/101832","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101832"},{"reference_url":"http://www.securitytracker.com/id/1039803","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039803"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1513310","reference_id":"1513310","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1513310"},{"reference_url":"https://security.archlinux.org/ASA-201711-23","reference_id":"ASA-201711-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-23"},{"reference_url":"https://security.archlinux.org/ASA-201711-43","reference_id":"ASA-201711-43","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-43"},{"reference_url":"https://security.archlinux.org/AVG-494","reference_id":"AVG-494","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-494"},{"reference_url":"https://security.archlinux.org/AVG-530","reference_id":"AVG-530","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-530"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7828","reference_id":"CVE-2017-7828","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7828"},{"reference_url":"https://security.gentoo.org/glsa/201803-14","reference_id":"GLSA-201803-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201803-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-24","reference_id":"mfsa2017-24","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-24"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-25","reference_id":"mfsa2017-25","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-25"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-26","reference_id":"mfsa2017-26","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-26"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3247","reference_id":"RHSA-2017:3247","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3247"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3372","reference_id":"RHSA-2017:3372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3372"},{"reference_url":"https://usn.ubuntu.com/3477-1/","reference_id":"USN-3477-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3477-1/"},{"reference_url":"https://usn.ubuntu.com/3490-1/","reference_id":"USN-3490-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3490-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371492?format=json","purl":"pkg:alpm/archlinux/firefox@57.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1"}],"aliases":["CVE-2017-7828"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wwjw-cqjk-8qe2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62876?format=json","vulnerability_id":"VCID-xn3a-bun2-vkhy","summary":"If a document’s Referrer Policy attribute is set to \"no-referrer\" sometimes two network requests are made for <link> elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7842","reference_id":"","reference_type":"","scores":[{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58353","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58202","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58291","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58303","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58253","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58295","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58288","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58308","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58282","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58336","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58342","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58359","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58316","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58349","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58352","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00362","scoring_system":"epss","scoring_elements":"0.58329","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7842"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1397064","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1397064"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-24/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-24/"},{"reference_url":"http://www.securityfocus.com/bid/101832","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101832"},{"reference_url":"http://www.securitytracker.com/id/1039803","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039803"},{"reference_url":"https://security.archlinux.org/ASA-201711-23","reference_id":"ASA-201711-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-23"},{"reference_url":"https://security.archlinux.org/AVG-494","reference_id":"AVG-494","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-494"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7842","reference_id":"CVE-2017-7842","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7842"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-24","reference_id":"mfsa2017-24","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-24"},{"reference_url":"https://usn.ubuntu.com/3477-1/","reference_id":"USN-3477-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3477-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371492?format=json","purl":"pkg:alpm/archlinux/firefox@57.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1"}],"aliases":["CVE-2017-7842"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xn3a-bun2-vkhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62871?format=json","vulnerability_id":"VCID-y92g-afff-2ua7","summary":"The \"pingsender\" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl code will run with Firefox's privileges. *Note: This attack requires an attacker have local system access and only affects OS X and Linux. Windows systems are not affected.*","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7836","reference_id":"","reference_type":"","scores":[{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24883","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25088","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24913","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24868","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24747","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24821","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25169","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.2521","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24981","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25049","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25094","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25109","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25068","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25014","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25023","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25015","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24987","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24925","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7836"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1401339","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1401339"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-24/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-24/"},{"reference_url":"http://www.securityfocus.com/bid/101832","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101832"},{"reference_url":"http://www.securitytracker.com/id/1039803","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039803"},{"reference_url":"https://security.archlinux.org/ASA-201711-23","reference_id":"ASA-201711-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-23"},{"reference_url":"https://security.archlinux.org/AVG-494","reference_id":"AVG-494","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-494"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7836","reference_id":"CVE-2017-7836","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7836"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-24","reference_id":"mfsa2017-24","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-24"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371492?format=json","purl":"pkg:alpm/archlinux/firefox@57.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1"}],"aliases":["CVE-2017-7836"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y92g-afff-2ua7"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@56.0.2-1"}