{"url":"http://public2.vulnerablecode.io/api/packages/371605?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","type":"alpm","namespace":"archlinux","name":"firefox","version":"50.0-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"52.0-1","latest_non_vulnerable_version":"101.0-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50400?format=json","vulnerability_id":"VCID-avw6-7aqv-hbaa","summary":"Multiple vulnerabilities have been found in Mozilla SeaMonkey, the\n    worst of which could lead to the remote execution of arbitrary code.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2843.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2843.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2850.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2850.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9079.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9079.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9079","reference_id":"","reference_type":"","scores":[{"value":"0.84813","scoring_system":"epss","scoring_elements":"0.99337","published_at":"2026-04-04T12:55:00Z"},{"value":"0.84813","scoring_system":"epss","scoring_elements":"0.99335","published_at":"2026-04-01T12:55:00Z"},{"value":"0.84813","scoring_system":"epss","scoring_elements":"0.99347","published_at":"2026-04-29T12:55:00Z"},{"value":"0.84813","scoring_system":"epss","scoring_elements":"0.99348","published_at":"2026-05-05T12:55:00Z"},{"value":"0.84813","scoring_system":"epss","scoring_elements":"0.99346","published_at":"2026-04-21T12:55:00Z"},{"value":"0.84813","scoring_system":"epss","scoring_elements":"0.99343","published_at":"2026-04-13T12:55:00Z"},{"value":"0.84813","scoring_system":"epss","scoring_elements":"0.99341","published_at":"2026-04-11T12:55:00Z"},{"value":"0.84813","scoring_system":"epss","scoring_elements":"0.9934","published_at":"2026-04-09T12:55:00Z"},{"value":"0.84813","scoring_system":"epss","scoring_elements":"0.99336","published_at":"2026-04-02T12:55:00Z"},{"value":"0.84813","scoring_system":"epss","scoring_elements":"0.99339","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9079"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1321066","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1321066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-9079"},{"reference_url":"https://www.debian.org/security/2016/dsa-3730","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/"}],"url":"https://www.debian.org/security/2016/dsa-3730"},{"reference_url":"https://www.exploit-db.com/exploits/41151/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/"}],"url":"https://www.exploit-db.com/exploits/41151/"},{"reference_url":"https://www.exploit-db.com/exploits/42327/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/"}],"url":"https://www.exploit-db.com/exploits/42327/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-92/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2016-92/"},{"reference_url":"http://www.securityfocus.com/bid/94591","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/"}],"url":"http://www.securityfocus.com/bid/94591"},{"reference_url":"http://www.securitytracker.com/id/1037370","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/"}],"url":"http://www.securitytracker.com/id/1037370"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1400376","reference_id":"1400376","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1400376"},{"reference_url":"https://security.archlinux.org/ASA-201612-1","reference_id":"ASA-201612-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-1"},{"reference_url":"https://security.archlinux.org/ASA-201612-2","reference_id":"ASA-201612-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-2"},{"reference_url":"https://security.archlinux.org/AVG-90","reference_id":"AVG-90","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-90"},{"reference_url":"https://security.archlinux.org/AVG-91","reference_id":"AVG-91","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-91"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:torproject:tor:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:torproject:tor:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:torproject:tor:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/rapid7/metasploit-framework/blob/f4db90edeb7f03ce1e95f5898954cbea7e13ff6c/modules/exploits/windows/browser/firefox_smil_uaf.rb","reference_id":"CVE-2016-9079","reference_type":"exploit","scores":[],"url":"https://github.com/rapid7/metasploit-framework/blob/f4db90edeb7f03ce1e95f5898954cbea7e13ff6c/modules/exploits/windows/browser/firefox_smil_uaf.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/41151.rb","reference_id":"CVE-2016-9079","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/41151.rb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9079","reference_id":"CVE-2016-9079","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9079"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/42327.html","reference_id":"CVE-2017-5375;CVE-2016-9079","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/42327.html"},{"reference_url":"https://rh0dev.github.io/blog/2017/the-return-of-the-jit/","reference_id":"CVE-2017-5375;CVE-2016-9079","reference_type":"exploit","scores":[],"url":"https://rh0dev.github.io/blog/2017/the-return-of-the-jit/"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/"}],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://security.gentoo.org/glsa/201701-35","reference_id":"GLSA-201701-35","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/"}],"url":"https://security.gentoo.org/glsa/201701-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-92","reference_id":"mfsa2016-92","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-92"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2843","reference_id":"RHSA-2016:2843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2850","reference_id":"RHSA-2016:2850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2850"},{"reference_url":"https://usn.ubuntu.com/3140-1/","reference_id":"USN-3140-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3140-1/"},{"reference_url":"https://usn.ubuntu.com/3141-1/","reference_id":"USN-3141-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3141-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371598?format=json","purl":"pkg:alpm/archlinux/firefox@50.0.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tcx-3zn1-ykdq"},{"vulnerability":"VCID-2ptm-gx1p-uyhf"},{"vulnerability":"VCID-2xe3-59tz-zbc3"},{"vulnerability":"VCID-4d2q-usge-77ft"},{"vulnerability":"VCID-5dyh-s3yd-vqes"},{"vulnerability":"VCID-9fsb-vzuc-efc5"},{"vulnerability":"VCID-fgnu-kh7z-xuau"},{"vulnerability":"VCID-gqhc-h5p7-dyh1"},{"vulnerability":"VCID-m5pb-75ag-tfep"},{"vulnerability":"VCID-pbrt-gcqj-kycv"},{"vulnerability":"VCID-qu91-vc1p-dyb1"},{"vulnerability":"VCID-wffz-7y83-qkbm"},{"vulnerability":"VCID-ysg5-wc3n-fbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0.2-1"}],"aliases":["CVE-2016-9079"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-avw6-7aqv-hbaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62658?format=json","vulnerability_id":"VCID-fmub-ph5x-pbdu","summary":"Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. *Note: This issue only affects Firefox 49 and 50.*","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9078","reference_id":"","reference_type":"","scores":[{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78815","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78669","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78746","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78742","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78771","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78777","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78795","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78675","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78706","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78688","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78714","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78721","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78745","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78727","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78719","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78748","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9078"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1317641","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1317641"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-91/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-91/"},{"reference_url":"http://www.securityfocus.com/bid/94569","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94569"},{"reference_url":"http://www.securitytracker.com/id/1037353","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037353"},{"reference_url":"https://security.archlinux.org/ASA-201612-1","reference_id":"ASA-201612-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-1"},{"reference_url":"https://security.archlinux.org/AVG-90","reference_id":"AVG-90","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-90"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:49.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:49.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:49.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:50.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:50.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:50.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9078","reference_id":"CVE-2016-9078","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9078"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-91","reference_id":"mfsa2016-91","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-91"},{"reference_url":"https://usn.ubuntu.com/3140-1/","reference_id":"USN-3140-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3140-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371598?format=json","purl":"pkg:alpm/archlinux/firefox@50.0.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tcx-3zn1-ykdq"},{"vulnerability":"VCID-2ptm-gx1p-uyhf"},{"vulnerability":"VCID-2xe3-59tz-zbc3"},{"vulnerability":"VCID-4d2q-usge-77ft"},{"vulnerability":"VCID-5dyh-s3yd-vqes"},{"vulnerability":"VCID-9fsb-vzuc-efc5"},{"vulnerability":"VCID-fgnu-kh7z-xuau"},{"vulnerability":"VCID-gqhc-h5p7-dyh1"},{"vulnerability":"VCID-m5pb-75ag-tfep"},{"vulnerability":"VCID-pbrt-gcqj-kycv"},{"vulnerability":"VCID-qu91-vc1p-dyb1"},{"vulnerability":"VCID-wffz-7y83-qkbm"},{"vulnerability":"VCID-ysg5-wc3n-fbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0.2-1"}],"aliases":["CVE-2016-9078"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fmub-ph5x-pbdu"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56746?format=json","vulnerability_id":"VCID-3dea-vjmc-b7eb","summary":"Multiple vulnerabilities have been found in Mozilla Firefox and\n    Thunderbird the worst of which could lead to the execution of arbitrary\n    code.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2780.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-2780.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5297.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5297.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5297","reference_id":"","reference_type":"","scores":[{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.82956","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.8286","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.82899","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.82898","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.829","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.82921","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.82931","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.82935","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.82795","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.82812","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.82825","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.82821","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.82846","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.82853","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.82869","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.82864","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5297"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1303678","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1303678"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.debian.org/security/2016/dsa-3730","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2016/dsa-3730"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-90/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-90/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-93/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-93/"},{"reference_url":"http://www.securityfocus.com/bid/94336","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94336"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395058","reference_id":"1395058","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395058"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5297","reference_id":"CVE-2016-5297","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5297"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93","reference_id":"mfsa2016-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2780","reference_id":"RHSA-2016:2780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2780"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"},{"reference_url":"https://usn.ubuntu.com/3141-1/","reference_id":"USN-3141-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3141-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371605?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-avw6-7aqv-hbaa"},{"vulnerability":"VCID-fmub-ph5x-pbdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-5297"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3dea-vjmc-b7eb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62659?format=json","vulnerability_id":"VCID-47dr-szw4-ryfr","summary":"During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5292.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5292.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5292","reference_id":"","reference_type":"","scores":[{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.74956","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.75086","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.75043","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.75032","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.7507","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.75075","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.75079","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.74959","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.74988","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.74963","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.74997","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.75009","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.75031","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.7501","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.74999","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.75035","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5292"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1288482","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1288482"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"http://www.securityfocus.com/bid/94337","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94337"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395057","reference_id":"1395057","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395057"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5292","reference_id":"CVE-2016-5292","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5292"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371605?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-avw6-7aqv-hbaa"},{"vulnerability":"VCID-fmub-ph5x-pbdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-5292"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-47dr-szw4-ryfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56742?format=json","vulnerability_id":"VCID-545u-wnrj-z3dh","summary":"Multiple vulnerabilities have been found in Mozilla Firefox and\n    Thunderbird the worst of which could lead to the execution of arbitrary\n    code.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2780.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-2780.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5291.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5291.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5291","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10695","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10895","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.1076","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10773","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10894","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10853","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10813","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10751","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10797","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10932","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10997","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10822","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10897","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.1095","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10951","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10918","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5291"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1292159","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1292159"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.debian.org/security/2016/dsa-3730","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2016/dsa-3730"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-90/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-90/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-93/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-93/"},{"reference_url":"http://www.securityfocus.com/bid/94336","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94336"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395065","reference_id":"1395065","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395065"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5291","reference_id":"CVE-2016-5291","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:C/I:N/A:N"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5291"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93","reference_id":"mfsa2016-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2780","reference_id":"RHSA-2016:2780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2780"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"},{"reference_url":"https://usn.ubuntu.com/3141-1/","reference_id":"USN-3141-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3141-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371605?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-avw6-7aqv-hbaa"},{"vulnerability":"VCID-fmub-ph5x-pbdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-5291"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-545u-wnrj-z3dh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62664?format=json","vulnerability_id":"VCID-6cde-35h4-vqaj","summary":"An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9075.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9075.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9075","reference_id":"","reference_type":"","scores":[{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85417","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85562","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85518","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85515","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85537","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85546","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85545","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85429","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85449","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85452","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85472","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85481","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85495","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85493","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.8549","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85513","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9075"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1295324","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1295324"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"http://www.securityfocus.com/bid/94337","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94337"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395101","reference_id":"1395101","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395101"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9075","reference_id":"CVE-2016-9075","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9075"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371605?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-avw6-7aqv-hbaa"},{"vulnerability":"VCID-fmub-ph5x-pbdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-9075"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6cde-35h4-vqaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62674?format=json","vulnerability_id":"VCID-6pk2-g77j-h3b2","summary":"An integer overflow during the parsing of XML using the Expat library.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9063.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9063.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9063","reference_id":"","reference_type":"","scores":[{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85074","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85195","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85198","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85189","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85165","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85167","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85166","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85145","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85086","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85104","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85108","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85129","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85136","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85148","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85151","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0271","scoring_system":"epss","scoring_elements":"0.85967","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9063"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1274777","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1274777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.debian.org/security/2017/dsa-3898","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-3898"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"http://www.securityfocus.com/bid/94337","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94337"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"http://www.securitytracker.com/id/1039427","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039427"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396540","reference_id":"1396540","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396540"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/ASA-201706-32","reference_id":"ASA-201706-32","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-32"},{"reference_url":"https://security.archlinux.org/ASA-201707-27","reference_id":"ASA-201707-27","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201707-27"},{"reference_url":"https://security.archlinux.org/AVG-305","reference_id":"AVG-305","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-305"},{"reference_url":"https://security.archlinux.org/AVG-306","reference_id":"AVG-306","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-306"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9063","reference_id":"CVE-2016-9063","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9063"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371605?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-avw6-7aqv-hbaa"},{"vulnerability":"VCID-fmub-ph5x-pbdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-9063"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6pk2-g77j-h3b2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62671?format=json","vulnerability_id":"VCID-9gcq-8grt-vfhc","summary":"A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9070.json","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9070.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9070","reference_id":"","reference_type":"","scores":[{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71692","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71805","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.7178","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71762","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.7181","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71815","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71819","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71699","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71717","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71691","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71729","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71741","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71765","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71748","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71731","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71774","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9070"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1281071","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1281071"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"http://www.securityfocus.com/bid/94337","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94337"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396549","reference_id":"1396549","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396549"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9070","reference_id":"CVE-2016-9070","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9070"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371605?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-avw6-7aqv-hbaa"},{"vulnerability":"VCID-fmub-ph5x-pbdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-9070"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9gcq-8grt-vfhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62665?format=json","vulnerability_id":"VCID-f8wd-xgwu-8kgm","summary":"Canvas allows the use of the feDisplacementMap filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9077.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9077.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9077","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38292","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37904","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38358","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38295","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38136","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38112","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38019","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.3843","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38454","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38318","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38368","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38376","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38393","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38356","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38331","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38379","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9077"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1298552","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1298552"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"http://www.securityfocus.com/bid/94337","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94337"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395099","reference_id":"1395099","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395099"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9077","reference_id":"CVE-2016-9077","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9077"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371605?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-avw6-7aqv-hbaa"},{"vulnerability":"VCID-fmub-ph5x-pbdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-9077"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f8wd-xgwu-8kgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62662?format=json","vulnerability_id":"VCID-jvy8-w1m2-ayaw","summary":"A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9068.json","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9068.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9068","reference_id":"","reference_type":"","scores":[{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82321","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82486","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82392","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82426","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82431","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82453","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82463","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82467","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82335","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82353","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82348","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82375","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82382","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82401","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82397","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9068"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1302973","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1302973"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"http://www.securityfocus.com/bid/94337","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94337"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396542","reference_id":"1396542","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396542"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9068","reference_id":"CVE-2016-9068","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9068"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371605?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-avw6-7aqv-hbaa"},{"vulnerability":"VCID-fmub-ph5x-pbdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-9068"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jvy8-w1m2-ayaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62675?format=json","vulnerability_id":"VCID-mdpv-kcbb-9ubj","summary":"Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9071.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9071.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9071","reference_id":"","reference_type":"","scores":[{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49208","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49149","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49313","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.4931","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49279","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49276","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49235","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49239","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49267","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49219","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49273","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49269","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49288","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49261","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49266","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9071"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1285003","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1285003"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"http://www.securityfocus.com/bid/94337","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94337"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395100","reference_id":"1395100","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395100"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9071","reference_id":"CVE-2016-9071","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9071"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371605?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-avw6-7aqv-hbaa"},{"vulnerability":"VCID-fmub-ph5x-pbdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-9071"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mdpv-kcbb-9ubj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62661?format=json","vulnerability_id":"VCID-pybp-xzy7-q3a8","summary":"Two use-after-free errors during DOM operations resulting in potentially exploitable crashes.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9067.json","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9067.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9067","reference_id":"","reference_type":"","scores":[{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80097","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80244","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80172","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80175","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80204","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80214","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80229","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80104","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80124","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80112","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.8014","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80147","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80166","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.8015","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80142","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9067"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1301777","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1301777"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1308922","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1308922"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"http://www.securityfocus.com/bid/94337","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94337"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396539","reference_id":"1396539","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396539"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9067","reference_id":"CVE-2016-9067","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9067"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371605?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-avw6-7aqv-hbaa"},{"vulnerability":"VCID-fmub-ph5x-pbdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-9067"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pybp-xzy7-q3a8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56741?format=json","vulnerability_id":"VCID-qptm-f15t-57gj","summary":"Multiple vulnerabilities have been found in Mozilla Firefox and\n    Thunderbird the worst of which could lead to the execution of arbitrary\n    code.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2780.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-2780.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2825.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-2825.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5290.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5290.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5290","reference_id":"","reference_type":"","scores":[{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83219","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83117","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83154","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83155","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83158","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83181","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83188","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83195","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83051","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83067","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83081","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83079","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83103","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83111","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83127","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83121","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5290"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1309720%2C1297062%2C1303710%2C1018486%2C1292590%2C1301343%2C1301496%2C1308048%2C1308346%2C1299519%2C1286911%2C1298169","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1309720%2C1297062%2C1303710%2C1018486%2C1292590%2C1301343%2C1301496%2C1308048%2C1308346%2C1299519%2C1286911%2C1298169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.debian.org/security/2016/dsa-3730","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2016/dsa-3730"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-90/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-90/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-93/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-93/"},{"reference_url":"http://www.securityfocus.com/bid/94335","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94335"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395066","reference_id":"1395066","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395066"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5290","reference_id":"CVE-2016-5290","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5290"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93","reference_id":"mfsa2016-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2780","reference_id":"RHSA-2016:2780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2825","reference_id":"RHSA-2016:2825","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2825"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"},{"reference_url":"https://usn.ubuntu.com/3141-1/","reference_id":"USN-3141-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3141-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371605?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-avw6-7aqv-hbaa"},{"vulnerability":"VCID-fmub-ph5x-pbdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-5290"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qptm-f15t-57gj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62676?format=json","vulnerability_id":"VCID-rz6b-kepf-cfg9","summary":"Mozilla developers and community members Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, and Markus Stange reported memory safety bugs present in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5289.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5289.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5289","reference_id":"","reference_type":"","scores":[{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82765","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82927","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82869","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82871","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82893","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82902","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82907","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82781","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82795","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82791","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82816","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82822","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82839","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82834","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.8283","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5289"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1296649%2C1298107%2C1300129%2C1305876%2C1314667%2C1301252%2C1277866%2C1307254%2C1252511%2C1264053","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1296649%2C1298107%2C1300129%2C1305876%2C1314667%2C1301252%2C1277866%2C1307254%2C1252511%2C1264053"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"http://www.securityfocus.com/bid/94337","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94337"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395098","reference_id":"1395098","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395098"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5289","reference_id":"CVE-2016-5289","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5289"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371605?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-avw6-7aqv-hbaa"},{"vulnerability":"VCID-fmub-ph5x-pbdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-5289"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rz6b-kepf-cfg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56747?format=json","vulnerability_id":"VCID-swmb-24y4-1kau","summary":"Multiple vulnerabilities have been found in Mozilla Firefox and\n    Thunderbird the worst of which could lead to the execution of arbitrary\n    code.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2780.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-2780.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9064.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9064.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9064","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50651","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50834","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.5084","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50819","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50767","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50776","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.5073","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50704","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50758","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50783","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50739","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50795","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50792","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50835","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50811","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50796","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9064"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1303418","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1303418"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-90/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-90/"},{"reference_url":"http://www.securityfocus.com/bid/94336","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94336"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395060","reference_id":"1395060","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395060"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9064","reference_id":"CVE-2016-9064","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9064"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2780","reference_id":"RHSA-2016:2780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2780"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371605?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-avw6-7aqv-hbaa"},{"vulnerability":"VCID-fmub-ph5x-pbdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-9064"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-swmb-24y4-1kau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56748?format=json","vulnerability_id":"VCID-tgya-wnfn-t7eb","summary":"Multiple vulnerabilities have been found in Mozilla Firefox and\n    Thunderbird the worst of which could lead to the execution of arbitrary\n    code.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2780.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-2780.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9066.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9066.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9066","reference_id":"","reference_type":"","scores":[{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95611","published_at":"2026-05-05T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95577","published_at":"2026-04-12T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95578","published_at":"2026-04-13T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95587","published_at":"2026-04-16T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95592","published_at":"2026-04-18T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95593","published_at":"2026-04-21T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95594","published_at":"2026-04-24T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95595","published_at":"2026-04-29T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95544","published_at":"2026-04-01T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95553","published_at":"2026-04-02T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95558","published_at":"2026-04-04T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95561","published_at":"2026-04-07T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95568","published_at":"2026-04-08T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95571","published_at":"2026-04-09T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95575","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9066"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1299686","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1299686"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.debian.org/security/2016/dsa-3730","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2016/dsa-3730"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-90/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-90/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-93/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-93/"},{"reference_url":"http://www.securityfocus.com/bid/94336","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94336"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395061","reference_id":"1395061","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395061"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9066","reference_id":"CVE-2016-9066","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9066"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93","reference_id":"mfsa2016-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2780","reference_id":"RHSA-2016:2780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2780"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"},{"reference_url":"https://usn.ubuntu.com/3141-1/","reference_id":"USN-3141-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3141-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371605?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-avw6-7aqv-hbaa"},{"vulnerability":"VCID-fmub-ph5x-pbdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-9066"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tgya-wnfn-t7eb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62672?format=json","vulnerability_id":"VCID-v28j-cvrw-p3c7","summary":"WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9073.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9073.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9073","reference_id":"","reference_type":"","scores":[{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.7412","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74242","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74214","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74206","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.7424","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.7425","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74248","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74125","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74151","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74123","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74156","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.7417","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74192","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74174","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74167","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74205","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9073"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1289273","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1289273"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"http://www.securityfocus.com/bid/94337","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94337"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396545","reference_id":"1396545","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396545"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9073","reference_id":"CVE-2016-9073","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9073"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371605?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-avw6-7aqv-hbaa"},{"vulnerability":"VCID-fmub-ph5x-pbdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-9073"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v28j-cvrw-p3c7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56745?format=json","vulnerability_id":"VCID-yegk-sgdn-z3ae","summary":"Multiple vulnerabilities have been found in Mozilla Firefox and\n    Thunderbird the worst of which could lead to the execution of arbitrary\n    code.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2780.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-2780.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5296.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5296.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5296","reference_id":"","reference_type":"","scores":[{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85614","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.8554","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85563","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85569","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85565","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85586","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85596","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85597","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85469","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85481","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85498","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85502","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85522","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85531","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85545","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85544","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5296"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1292443","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1292443"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.debian.org/security/2016/dsa-3730","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2016/dsa-3730"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-90/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-90/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-93/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-93/"},{"reference_url":"http://www.securityfocus.com/bid/94339","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94339"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395055","reference_id":"1395055","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395055"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5296","reference_id":"CVE-2016-5296","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5296"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93","reference_id":"mfsa2016-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2780","reference_id":"RHSA-2016:2780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2780"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"},{"reference_url":"https://usn.ubuntu.com/3141-1/","reference_id":"USN-3141-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3141-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371605?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-avw6-7aqv-hbaa"},{"vulnerability":"VCID-fmub-ph5x-pbdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-5296"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yegk-sgdn-z3ae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62673?format=json","vulnerability_id":"VCID-yy4z-p3f1-qbbc","summary":"An issue where a <select> dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9076.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9076.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9076","reference_id":"","reference_type":"","scores":[{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67067","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67199","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67139","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67172","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67186","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67167","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67188","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67104","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67127","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67102","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67152","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67164","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67183","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67169","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9076"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1276976","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1276976"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"http://www.securityfocus.com/bid/94337","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94337"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396537","reference_id":"1396537","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396537"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9076","reference_id":"CVE-2016-9076","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9076"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371605?format=json","purl":"pkg:alpm/archlinux/firefox@50.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-avw6-7aqv-hbaa"},{"vulnerability":"VCID-fmub-ph5x-pbdu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}],"aliases":["CVE-2016-9076"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yy4z-p3f1-qbbc"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1"}