Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/371492?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/371492?format=api", "purl": "pkg:alpm/archlinux/firefox@57.0-1", "type": "alpm", "namespace": "archlinux", "name": "firefox", "version": "57.0-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "59.0.1-1", "latest_non_vulnerable_version": "101.0-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51568?format=api", "vulnerability_id": "VCID-2xza-hhmr-5ybw", "summary": "Multiple vulnerabilities have been found in Mozilla Thunderbird,\n the worst of which could lead to the execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7826.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7826.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7826", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02383", "scoring_system": "epss", "scoring_elements": "0.85158", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.02383", "scoring_system": "epss", "scoring_elements": "0.85021", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02383", "scoring_system": "epss", "scoring_elements": "0.85046", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02383", "scoring_system": "epss", "scoring_elements": "0.85055", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02383", "scoring_system": "epss", "scoring_elements": "0.85053", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02383", "scoring_system": "epss", "scoring_elements": "0.85069", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02383", "scoring_system": "epss", "scoring_elements": "0.85093", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.02383", "scoring_system": "epss", "scoring_elements": "0.85114", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.02383", "scoring_system": "epss", "scoring_elements": "0.8511", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.02383", "scoring_system": "epss", "scoring_elements": "0.85125", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.02383", "scoring_system": "epss", "scoring_elements": "0.84923", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02383", "scoring_system": "epss", "scoring_elements": "0.84939", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02383", "scoring_system": "epss", "scoring_elements": "0.84956", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02383", "scoring_system": "epss", "scoring_elements": "0.84961", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02383", "scoring_system": "epss", "scoring_elements": "0.84984", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02383", "scoring_system": "epss", "scoring_elements": "0.84991", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02383", "scoring_system": "epss", "scoring_elements": "0.85006", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02383", "scoring_system": "epss", "scoring_elements": "0.85005", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02383", "scoring_system": "epss", "scoring_elements": "0.85001", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02383", "scoring_system": "epss", "scoring_elements": "0.85022", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02383", "scoring_system": "epss", "scoring_elements": "0.85024", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7826" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1394530%2C1369561%2C1411458%2C1400003%2C1395138%2C1408412%2C1393840%2C1400763%2C1339259%2C1394265%2C1407740%2C1407751%2C1408005%2C1406398%2C1387799%2C1261175%2C1400554%2C1375146%2C1397811%2C1404636%2C1401804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1394530%2C1369561%2C1411458%2C1400003%2C1395138%2C1408412%2C1393840%2C1400763%2C1339259%2C1394265%2C1407740%2C1407751%2C1408005%2C1406398%2C1387799%2C1261175%2C1400554%2C1375146%2C1397811%2C1404636%2C1401804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7847", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7847" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7848", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7848" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html" }, { "reference_url": "https://www.debian.org/security/2017/dsa-4035", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-4035" }, { "reference_url": "https://www.debian.org/security/2017/dsa-4061", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-4061" }, { "reference_url": "https://www.debian.org/security/2017/dsa-4075", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-4075" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2017-24/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2017-24/" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2017-25/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2017-25/" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2017-26/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2017-26/" }, { "reference_url": "http://www.securityfocus.com/bid/101832", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101832" }, { "reference_url": "http://www.securitytracker.com/id/1039803", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039803" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1513308", "reference_id": "1513308", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1513308" }, { "reference_url": "https://security.archlinux.org/ASA-201711-23", "reference_id": "ASA-201711-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-23" }, { "reference_url": "https://security.archlinux.org/ASA-201711-43", "reference_id": "ASA-201711-43", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-43" }, { "reference_url": "https://security.archlinux.org/AVG-494", "reference_id": "AVG-494", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-494" }, { "reference_url": "https://security.archlinux.org/AVG-530", "reference_id": "AVG-530", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-530" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7826", "reference_id": "CVE-2017-7826", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:C/I:C/A:C" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7826" }, { "reference_url": "https://security.gentoo.org/glsa/201803-14", "reference_id": "GLSA-201803-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201803-14" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24", "reference_id": "mfsa2017-24", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-25", "reference_id": "mfsa2017-25", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-25" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-26", "reference_id": "mfsa2017-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-26" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3247", "reference_id": "RHSA-2017:3247", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3247" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3372", "reference_id": "RHSA-2017:3372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3372" }, { "reference_url": "https://usn.ubuntu.com/3477-1/", "reference_id": "USN-3477-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3477-1/" }, { "reference_url": "https://usn.ubuntu.com/3490-1/", "reference_id": "USN-3490-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3490-1/" }, { "reference_url": "https://usn.ubuntu.com/3688-1/", "reference_id": "USN-3688-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3688-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371492?format=api", "purl": "pkg:alpm/archlinux/firefox@57.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1" } ], "aliases": [ "CVE-2017-7826" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2xza-hhmr-5ybw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62868?format=api", "vulnerability_id": "VCID-4437-azu7-hyhb", "summary": "Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character will not be visible to most viewers. This allows for domain spoofing attacks because these combined domain names do not display as punycode.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7833", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77947", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.7769", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77876", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77895", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77884", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77902", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77697", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77724", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77707", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77735", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.7774", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77766", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.7775", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77749", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77786", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77785", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77778", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77811", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77819", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77834", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77846", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7833" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1370497", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1370497" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2017-24/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2017-24/" }, { "reference_url": "http://www.securityfocus.com/bid/101832", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101832" }, { "reference_url": "http://www.securitytracker.com/id/1039803", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039803" }, { "reference_url": "https://security.archlinux.org/ASA-201711-23", "reference_id": "ASA-201711-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-23" }, { "reference_url": "https://security.archlinux.org/AVG-494", "reference_id": "AVG-494", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-494" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7833", "reference_id": "CVE-2017-7833", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7833" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24", "reference_id": "mfsa2017-24", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24" }, { "reference_url": "https://usn.ubuntu.com/3477-1/", "reference_id": "USN-3477-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3477-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371492?format=api", "purl": "pkg:alpm/archlinux/firefox@57.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1" } ], "aliases": [ "CVE-2017-7833" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4437-azu7-hyhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62874?format=api", "vulnerability_id": "VCID-6a4w-c6p8-affn", "summary": "Control characters prepended before javascript: URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks where users are convinced to copy and paste text into the addressbar.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7839", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70527", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.7028", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70408", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70449", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.7048", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70475", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70293", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.7031", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70288", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70333", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70348", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70371", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70356", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70342", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70385", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70395", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70375", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70427", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70436", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7839" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1402896", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1402896" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2017-24/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2017-24/" }, { "reference_url": "http://www.securityfocus.com/bid/101832", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101832" }, { "reference_url": "http://www.securitytracker.com/id/1039803", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039803" }, { "reference_url": "https://security.archlinux.org/ASA-201711-23", "reference_id": "ASA-201711-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-23" }, { "reference_url": "https://security.archlinux.org/AVG-494", "reference_id": "AVG-494", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-494" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7839", "reference_id": "CVE-2017-7839", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7839" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24", "reference_id": "mfsa2017-24", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24" }, { "reference_url": "https://usn.ubuntu.com/3477-1/", "reference_id": "USN-3477-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3477-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371492?format=api", "purl": "pkg:alpm/archlinux/firefox@57.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1" } ], "aliases": [ "CVE-2017-7839" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6a4w-c6p8-affn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62877?format=api", "vulnerability_id": "VCID-7xac-5zdj-9fgk", "summary": "Mozilla developers and community members Boris Zbarsky, Carsten Book, Christian Holler, Byron Campen, Jan de Mooij, Jason Kratzer, Jesse Schwartzentruber, Marcia Knous, Randell Jesup, Tyson Smith, and Ting-Yu Chou reported memory safety bugs present in Firefox 56. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7827", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02127", "scoring_system": "epss", "scoring_elements": "0.84173", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02127", "scoring_system": "epss", "scoring_elements": "0.84094", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02127", "scoring_system": "epss", "scoring_elements": "0.84185", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02127", "scoring_system": "epss", "scoring_elements": "0.84162", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02127", "scoring_system": "epss", "scoring_elements": "0.84167", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02127", "scoring_system": "epss", "scoring_elements": "0.84107", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02127", "scoring_system": "epss", "scoring_elements": "0.84124", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02127", "scoring_system": "epss", "scoring_elements": "0.84127", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02127", "scoring_system": "epss", "scoring_elements": "0.84149", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02127", "scoring_system": "epss", "scoring_elements": "0.84155", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02566", "scoring_system": "epss", "scoring_elements": "0.8569", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.02566", "scoring_system": "epss", "scoring_elements": "0.85628", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.02566", "scoring_system": "epss", "scoring_elements": "0.85646", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.02566", "scoring_system": "epss", "scoring_elements": "0.85641", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.02566", "scoring_system": "epss", "scoring_elements": "0.85654", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.02566", "scoring_system": "epss", "scoring_elements": "0.85561", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02566", "scoring_system": "epss", "scoring_elements": "0.85557", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02566", "scoring_system": "epss", "scoring_elements": "0.85579", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02566", "scoring_system": "epss", "scoring_elements": "0.85588", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02566", "scoring_system": "epss", "scoring_elements": "0.85605", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7827" }, { "reference_url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1399922%2C1403646%2C1403716%2C1365894%2C1402876%2C1406154%2C1384121%2C1384615%2C1407375%2C1339485%2C1361432%2C1394031%2C1383019%2C1407032%2C1387845%2C1386490", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1399922%2C1403646%2C1403716%2C1365894%2C1402876%2C1406154%2C1384121%2C1384615%2C1407375%2C1339485%2C1361432%2C1394031%2C1383019%2C1407032%2C1387845%2C1386490" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2017-24/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2017-24/" }, { "reference_url": "http://www.securityfocus.com/bid/101832", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101832" }, { "reference_url": "http://www.securitytracker.com/id/1039803", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039803" }, { "reference_url": "https://security.archlinux.org/ASA-201711-23", "reference_id": "ASA-201711-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-23" }, { "reference_url": "https://security.archlinux.org/AVG-494", "reference_id": "AVG-494", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-494" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7827", "reference_id": "CVE-2017-7827", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:C/I:C/A:C" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7827" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24", "reference_id": "mfsa2017-24", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24" }, { "reference_url": "https://usn.ubuntu.com/3477-1/", "reference_id": "USN-3477-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3477-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371492?format=api", "purl": "pkg:alpm/archlinux/firefox@57.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1" } ], "aliases": [ "CVE-2017-7827" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7xac-5zdj-9fgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62870?format=api", "vulnerability_id": "VCID-bk86-keag-kfg8", "summary": "Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7835", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71344", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71099", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71263", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71298", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.7126", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71288", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71108", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71126", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71101", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71143", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71155", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71179", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71164", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71147", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71193", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.712", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71178", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71232", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.7124", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71243", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71226", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7835" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1402363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1402363" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2017-24/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2017-24/" }, { "reference_url": "http://www.securityfocus.com/bid/101832", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101832" }, { "reference_url": "http://www.securitytracker.com/id/1039803", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039803" }, { "reference_url": "https://security.archlinux.org/ASA-201711-23", "reference_id": "ASA-201711-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-23" }, { "reference_url": "https://security.archlinux.org/AVG-494", "reference_id": "AVG-494", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-494" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7835", "reference_id": "CVE-2017-7835", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7835" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24", "reference_id": "mfsa2017-24", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24" }, { "reference_url": "https://usn.ubuntu.com/3477-1/", "reference_id": "USN-3477-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3477-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371492?format=api", "purl": "pkg:alpm/archlinux/firefox@57.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1" } ], "aliases": [ "CVE-2017-7835" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bk86-keag-kfg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62872?format=api", "vulnerability_id": "VCID-dhyh-m8p3-ebdq", "summary": "SVG loaded through <img> tags can use <meta> tags within the SVG data to set cookies for that page.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7837", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76955", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76719", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76884", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76901", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76889", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76906", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76722", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76751", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76733", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76764", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76775", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76804", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76784", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76776", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76817", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76822", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76814", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76845", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76852", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76864", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76854", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7837" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1325923", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1325923" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2017-24/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2017-24/" }, { "reference_url": "http://www.securityfocus.com/bid/101832", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101832" }, { "reference_url": "http://www.securitytracker.com/id/1039803", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039803" }, { "reference_url": "https://security.archlinux.org/ASA-201711-23", "reference_id": "ASA-201711-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-23" }, { "reference_url": "https://security.archlinux.org/AVG-494", "reference_id": "AVG-494", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-494" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7837", "reference_id": "CVE-2017-7837", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7837" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24", "reference_id": "mfsa2017-24", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24" }, { "reference_url": "https://usn.ubuntu.com/3477-1/", "reference_id": "USN-3477-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3477-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371492?format=api", "purl": "pkg:alpm/archlinux/firefox@57.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1" } ], "aliases": [ "CVE-2017-7837" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dhyh-m8p3-ebdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62867?format=api", "vulnerability_id": "VCID-e4pk-uyeh-xfgk", "summary": "The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for domain spoofing attacks because these combined domain names do not display as punycode.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7832", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76955", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76719", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76884", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76901", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76889", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76906", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76722", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76751", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76733", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76764", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76775", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76804", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76784", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76776", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76817", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76822", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76814", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76845", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76852", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76864", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76854", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7832" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1408782", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1408782" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2017-24/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2017-24/" }, { "reference_url": "http://www.securityfocus.com/bid/101832", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101832" }, { "reference_url": "http://www.securitytracker.com/id/1039803", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039803" }, { "reference_url": "https://security.archlinux.org/ASA-201711-23", "reference_id": "ASA-201711-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-23" }, { "reference_url": "https://security.archlinux.org/AVG-494", "reference_id": "AVG-494", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-494" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7832", "reference_id": "CVE-2017-7832", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7832" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24", "reference_id": "mfsa2017-24", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24" }, { "reference_url": "https://usn.ubuntu.com/3477-1/", "reference_id": "USN-3477-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3477-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371492?format=api", "purl": "pkg:alpm/archlinux/firefox@57.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1" } ], "aliases": [ "CVE-2017-7832" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e4pk-uyeh-xfgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51571?format=api", "vulnerability_id": "VCID-ebzs-h9p8-tbb4", "summary": "Multiple vulnerabilities have been found in Mozilla Thunderbird,\n the worst of which could lead to the execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7830.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7830.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7830", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00862", "scoring_system": "epss", "scoring_elements": "0.75241", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00862", "scoring_system": "epss", "scoring_elements": "0.75091", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00862", "scoring_system": "epss", "scoring_elements": "0.75129", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00862", "scoring_system": "epss", "scoring_elements": "0.75133", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00862", "scoring_system": "epss", "scoring_elements": "0.75137", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00862", "scoring_system": "epss", "scoring_elements": "0.75146", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00862", "scoring_system": "epss", "scoring_elements": "0.75173", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00862", "scoring_system": "epss", "scoring_elements": "0.75198", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00862", "scoring_system": "epss", "scoring_elements": "0.75179", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00862", "scoring_system": "epss", "scoring_elements": "0.75188", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00862", "scoring_system": "epss", "scoring_elements": "0.75012", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00862", "scoring_system": "epss", "scoring_elements": "0.75014", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00862", "scoring_system": "epss", "scoring_elements": "0.75043", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00862", "scoring_system": "epss", "scoring_elements": "0.75019", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00862", "scoring_system": "epss", "scoring_elements": "0.75053", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00862", "scoring_system": "epss", "scoring_elements": "0.75065", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00862", "scoring_system": "epss", "scoring_elements": "0.75087", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00862", "scoring_system": "epss", "scoring_elements": "0.75066", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00862", "scoring_system": "epss", "scoring_elements": "0.75056", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00862", "scoring_system": "epss", "scoring_elements": "0.75093", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00862", "scoring_system": "epss", "scoring_elements": "0.75101", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7830" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1408990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1408990" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7847", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7847" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7848", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7848" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html" }, { "reference_url": "https://www.debian.org/security/2017/dsa-4035", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-4035" }, { "reference_url": "https://www.debian.org/security/2017/dsa-4061", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-4061" }, { "reference_url": "https://www.debian.org/security/2017/dsa-4075", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-4075" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2017-24/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2017-24/" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2017-25/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2017-25/" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2017-26/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2017-26/" }, { "reference_url": "http://www.securityfocus.com/bid/101832", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101832" }, { "reference_url": "http://www.securitytracker.com/id/1039803", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039803" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1513311", "reference_id": "1513311", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1513311" }, { "reference_url": "https://security.archlinux.org/ASA-201711-23", "reference_id": "ASA-201711-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-23" }, { "reference_url": "https://security.archlinux.org/ASA-201711-43", "reference_id": "ASA-201711-43", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-43" }, { "reference_url": "https://security.archlinux.org/AVG-494", "reference_id": "AVG-494", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-494" }, { "reference_url": "https://security.archlinux.org/AVG-530", "reference_id": "AVG-530", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-530" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7830", "reference_id": "CVE-2017-7830", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7830" }, { "reference_url": "https://security.gentoo.org/glsa/201803-14", "reference_id": "GLSA-201803-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201803-14" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24", "reference_id": "mfsa2017-24", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-25", "reference_id": "mfsa2017-25", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-25" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-26", "reference_id": "mfsa2017-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-26" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3247", "reference_id": "RHSA-2017:3247", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3247" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3372", "reference_id": "RHSA-2017:3372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3372" }, { "reference_url": "https://usn.ubuntu.com/3477-1/", "reference_id": "USN-3477-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3477-1/" }, { "reference_url": "https://usn.ubuntu.com/3490-1/", "reference_id": "USN-3490-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3490-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371492?format=api", "purl": "pkg:alpm/archlinux/firefox@57.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1" } ], "aliases": [ "CVE-2017-7830" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ebzs-h9p8-tbb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62869?format=api", "vulnerability_id": "VCID-gkrs-1aat-efhf", "summary": "A data: URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when data: documents also inherited the context of the original page this would allow for potential cross-site scripting (XSS) attacks.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7834", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00984", "scoring_system": "epss", "scoring_elements": "0.76988", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00984", "scoring_system": "epss", "scoring_elements": "0.76748", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00984", "scoring_system": "epss", "scoring_elements": "0.76917", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00984", "scoring_system": "epss", "scoring_elements": "0.76934", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00984", "scoring_system": "epss", "scoring_elements": "0.76921", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00984", "scoring_system": "epss", "scoring_elements": "0.76938", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00984", "scoring_system": "epss", "scoring_elements": "0.76752", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00984", "scoring_system": "epss", "scoring_elements": "0.76781", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00984", "scoring_system": "epss", "scoring_elements": "0.76762", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00984", "scoring_system": "epss", "scoring_elements": "0.76793", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00984", "scoring_system": "epss", "scoring_elements": "0.76804", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00984", "scoring_system": "epss", "scoring_elements": "0.76833", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00984", "scoring_system": "epss", "scoring_elements": "0.76812", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00984", "scoring_system": "epss", "scoring_elements": "0.76806", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00984", "scoring_system": "epss", "scoring_elements": "0.76849", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00984", "scoring_system": "epss", "scoring_elements": "0.76854", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00984", "scoring_system": "epss", "scoring_elements": "0.76845", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00984", "scoring_system": "epss", "scoring_elements": "0.76877", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00984", "scoring_system": "epss", "scoring_elements": "0.76885", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00984", "scoring_system": "epss", "scoring_elements": "0.76897", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00984", "scoring_system": "epss", "scoring_elements": "0.76887", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7834" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1358009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1358009" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2017-24/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2017-24/" }, { "reference_url": "http://www.securityfocus.com/bid/101832", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101832" }, { "reference_url": "http://www.securitytracker.com/id/1039803", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039803" }, { "reference_url": "https://security.archlinux.org/ASA-201711-23", "reference_id": "ASA-201711-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-23" }, { "reference_url": "https://security.archlinux.org/AVG-494", "reference_id": "AVG-494", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-494" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7834", "reference_id": "CVE-2017-7834", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7834" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24", "reference_id": "mfsa2017-24", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24" }, { "reference_url": "https://usn.ubuntu.com/3477-1/", "reference_id": "USN-3477-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3477-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371492?format=api", "purl": "pkg:alpm/archlinux/firefox@57.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1" } ], "aliases": [ "CVE-2017-7834" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gkrs-1aat-efhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62873?format=api", "vulnerability_id": "VCID-ka31-epgw-2kcq", "summary": "Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited spoofing attacks due to user confusion.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7838", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77947", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.7769", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77876", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77895", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77884", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77902", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77697", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77724", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77707", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77735", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.7774", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77766", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.7775", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77749", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77786", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77785", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77778", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77811", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77819", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77834", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01072", "scoring_system": "epss", "scoring_elements": "0.77846", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7838" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1399540", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1399540" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2017-24/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2017-24/" }, { "reference_url": "http://www.securityfocus.com/bid/101832", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101832" }, { "reference_url": "http://www.securitytracker.com/id/1039803", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039803" }, { "reference_url": "https://security.archlinux.org/ASA-201711-23", "reference_id": "ASA-201711-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-23" }, { "reference_url": "https://security.archlinux.org/AVG-494", "reference_id": "AVG-494", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-494" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7838", "reference_id": "CVE-2017-7838", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7838" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24", "reference_id": "mfsa2017-24", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24" }, { "reference_url": "https://usn.ubuntu.com/3477-1/", "reference_id": "USN-3477-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3477-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371492?format=api", "purl": "pkg:alpm/archlinux/firefox@57.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1" } ], "aliases": [ "CVE-2017-7838" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ka31-epgw-2kcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62866?format=api", "vulnerability_id": "VCID-kg3p-hut6-47f6", "summary": "A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated _exposedProps_ mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7831", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56083", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.55929", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.55993", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56054", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56003", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56026", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.5604", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56061", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56039", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.5609", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56094", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56105", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56082", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56065", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.561", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56102", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56073", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.55999", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56019", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.55995", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.55946", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7831" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1392026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1392026" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2017-24/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2017-24/" }, { "reference_url": "http://www.securityfocus.com/bid/101832", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101832" }, { "reference_url": "http://www.securitytracker.com/id/1039803", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039803" }, { "reference_url": "https://security.archlinux.org/ASA-201711-23", "reference_id": "ASA-201711-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-23" }, { "reference_url": "https://security.archlinux.org/AVG-494", "reference_id": "AVG-494", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-494" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7831", "reference_id": "CVE-2017-7831", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7831" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24", "reference_id": "mfsa2017-24", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24" }, { "reference_url": "https://usn.ubuntu.com/3477-1/", "reference_id": "USN-3477-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3477-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371492?format=api", "purl": "pkg:alpm/archlinux/firefox@57.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1" } ], "aliases": [ "CVE-2017-7831" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kg3p-hut6-47f6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62875?format=api", "vulnerability_id": "VCID-qc2y-5tzg-ruav", "summary": "JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks if users were convinced to add malicious tags to bookmarks, export them, and then open the resulting file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7840", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70527", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.7028", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70408", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70449", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.7048", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70475", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70293", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.7031", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70288", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70333", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70348", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70371", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70356", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70342", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70385", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70395", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70375", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70427", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70436", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7840" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1366420", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1366420" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2017-24/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2017-24/" }, { "reference_url": "http://www.securityfocus.com/bid/101832", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101832" }, { "reference_url": "http://www.securitytracker.com/id/1039803", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039803" }, { "reference_url": "https://security.archlinux.org/ASA-201711-23", "reference_id": "ASA-201711-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-23" }, { "reference_url": "https://security.archlinux.org/AVG-494", "reference_id": "AVG-494", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-494" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7840", "reference_id": "CVE-2017-7840", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7840" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24", "reference_id": "mfsa2017-24", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24" }, { "reference_url": "https://usn.ubuntu.com/3477-1/", "reference_id": "USN-3477-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3477-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371492?format=api", "purl": "pkg:alpm/archlinux/firefox@57.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1" } ], "aliases": [ "CVE-2017-7840" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qc2y-5tzg-ruav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51569?format=api", "vulnerability_id": "VCID-wwjw-cqjk-8qe2", "summary": "Multiple vulnerabilities have been found in Mozilla Thunderbird,\n the worst of which could lead to the execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7828.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7828.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7828", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.28905", "scoring_system": "epss", "scoring_elements": "0.96612", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.28905", "scoring_system": "epss", "scoring_elements": "0.96577", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.28905", "scoring_system": "epss", "scoring_elements": "0.96578", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.28905", "scoring_system": "epss", "scoring_elements": "0.96579", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.28905", "scoring_system": "epss", "scoring_elements": "0.9658", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.28905", "scoring_system": "epss", "scoring_elements": "0.96588", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.28905", "scoring_system": "epss", "scoring_elements": "0.9659", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.28905", "scoring_system": "epss", "scoring_elements": "0.96595", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.28905", "scoring_system": "epss", "scoring_elements": "0.96598", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.28905", "scoring_system": "epss", "scoring_elements": "0.96603", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.28905", "scoring_system": "epss", "scoring_elements": "0.9653", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.28905", "scoring_system": "epss", "scoring_elements": "0.96538", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.28905", "scoring_system": "epss", "scoring_elements": "0.96544", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.28905", "scoring_system": "epss", "scoring_elements": "0.96546", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.28905", "scoring_system": "epss", "scoring_elements": "0.96554", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.28905", "scoring_system": "epss", "scoring_elements": "0.96556", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.28905", "scoring_system": "epss", "scoring_elements": "0.96559", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.28905", "scoring_system": "epss", "scoring_elements": "0.96562", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.28905", "scoring_system": "epss", "scoring_elements": "0.96568", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.28905", "scoring_system": "epss", "scoring_elements": "0.96574", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7828" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1406750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1406750" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1412252", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1412252" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7826", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7826" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7847", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7847" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7848", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7848" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html" }, { "reference_url": "https://www.debian.org/security/2017/dsa-4035", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-4035" }, { "reference_url": "https://www.debian.org/security/2017/dsa-4061", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-4061" }, { "reference_url": "https://www.debian.org/security/2017/dsa-4075", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-4075" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2017-24/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2017-24/" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2017-25/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2017-25/" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2017-26/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2017-26/" }, { "reference_url": "http://www.securityfocus.com/bid/101832", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101832" }, { "reference_url": "http://www.securitytracker.com/id/1039803", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039803" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1513310", "reference_id": "1513310", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1513310" }, { "reference_url": "https://security.archlinux.org/ASA-201711-23", "reference_id": "ASA-201711-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-23" }, { "reference_url": "https://security.archlinux.org/ASA-201711-43", "reference_id": "ASA-201711-43", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-43" }, { "reference_url": "https://security.archlinux.org/AVG-494", "reference_id": "AVG-494", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-494" }, { "reference_url": "https://security.archlinux.org/AVG-530", "reference_id": "AVG-530", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-530" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7828", "reference_id": "CVE-2017-7828", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7828" }, { "reference_url": "https://security.gentoo.org/glsa/201803-14", "reference_id": "GLSA-201803-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201803-14" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24", "reference_id": "mfsa2017-24", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-25", "reference_id": "mfsa2017-25", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-25" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-26", "reference_id": "mfsa2017-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-26" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3247", "reference_id": "RHSA-2017:3247", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3247" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3372", "reference_id": "RHSA-2017:3372", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3372" }, { "reference_url": "https://usn.ubuntu.com/3477-1/", "reference_id": "USN-3477-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3477-1/" }, { "reference_url": "https://usn.ubuntu.com/3490-1/", "reference_id": "USN-3490-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3490-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371492?format=api", "purl": "pkg:alpm/archlinux/firefox@57.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1" } ], "aliases": [ "CVE-2017-7828" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wwjw-cqjk-8qe2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62876?format=api", "vulnerability_id": "VCID-xn3a-bun2-vkhy", "summary": "If a document’s Referrer Policy attribute is set to \"no-referrer\" sometimes two network requests are made for <link> elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7842", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58401", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58202", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58295", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58353", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58306", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58334", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58288", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58308", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58282", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58336", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58342", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58359", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58316", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58349", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58352", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58329", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58291", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58303", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58253", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7842" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1397064", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1397064" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2017-24/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2017-24/" }, { "reference_url": "http://www.securityfocus.com/bid/101832", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101832" }, { "reference_url": "http://www.securitytracker.com/id/1039803", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039803" }, { "reference_url": "https://security.archlinux.org/ASA-201711-23", "reference_id": "ASA-201711-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-23" }, { "reference_url": "https://security.archlinux.org/AVG-494", "reference_id": "AVG-494", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-494" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7842", "reference_id": "CVE-2017-7842", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7842" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24", "reference_id": "mfsa2017-24", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24" }, { "reference_url": "https://usn.ubuntu.com/3477-1/", "reference_id": "USN-3477-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3477-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371492?format=api", "purl": "pkg:alpm/archlinux/firefox@57.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1" } ], "aliases": [ "CVE-2017-7842" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xn3a-bun2-vkhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62871?format=api", "vulnerability_id": "VCID-y92g-afff-2ua7", "summary": "The \"pingsender\" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl code will run with Firefox's privileges. *Note: This attack requires an attacker have local system access and only affects OS X and Linux. Windows systems are not affected.*", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7836", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24905", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25088", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24821", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24883", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24808", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24828", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25169", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.2521", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24981", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25049", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25094", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25109", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25068", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25014", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25023", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25015", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24987", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24925", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24913", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24868", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24747", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7836" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1401339", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1401339" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2017-24/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2017-24/" }, { "reference_url": "http://www.securityfocus.com/bid/101832", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101832" }, { "reference_url": "http://www.securitytracker.com/id/1039803", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039803" }, { "reference_url": "https://security.archlinux.org/ASA-201711-23", "reference_id": "ASA-201711-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-23" }, { "reference_url": "https://security.archlinux.org/AVG-494", "reference_id": "AVG-494", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-494" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7836", "reference_id": "CVE-2017-7836", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7836" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24", "reference_id": "mfsa2017-24", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371492?format=api", "purl": "pkg:alpm/archlinux/firefox@57.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1" } ], "aliases": [ "CVE-2017-7836" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y92g-afff-2ua7" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@57.0-1" }