{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","type":"deb","namespace":"debian","name":"icedove","version":"38.7.0-1~deb7u1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/546?format=json","vulnerability_id":"VCID-11uz-v7pw-v7hw","summary":"URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/ASA-201701-40","reference_id":"ASA-201701-40","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-40"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://security.archlinux.org/AVG-158","reference_id":"AVG-158","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-158"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02","reference_id":"mfsa2017-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03","reference_id":"mfsa2017-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5383"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-11uz-v7pw-v7hw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1935?format=json","vulnerability_id":"VCID-1bx2-4ka7-w3cr","summary":"The CESG, the Information Security Arm of GCHQ, reported a dangling\npointer dereference within the Netscape Plugin Application Programming Interface (NPAPI)\nthat could lead to the NPAPI subsystem crashing. This issue requires a maliciously crafted\nNPAPI plugin in concert with scripted web content, resulting in a potentially exploitable\ncrash when triggered.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966","reference_id":"CVE-2016-1966","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-31","reference_id":"mfsa2016-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-31"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1966"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1bx2-4ka7-w3cr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/232?format=json","vulnerability_id":"VCID-1es7-pnwd-pfdw","summary":"A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93","reference_id":"mfsa2016-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-9066"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1es7-pnwd-pfdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/650?format=json","vulnerability_id":"VCID-1j25-aujy-1fb3","summary":"A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15","reference_id":"mfsa2017-15","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16","reference_id":"mfsa2017-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17","reference_id":"mfsa2017-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7752"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1j25-aujy-1fb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/653?format=json","vulnerability_id":"VCID-1qr1-6zdx-fqd1","summary":"A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15","reference_id":"mfsa2017-15","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16","reference_id":"mfsa2017-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17","reference_id":"mfsa2017-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7757"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1qr1-6zdx-fqd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/602?format=json","vulnerability_id":"VCID-21fd-3bm8-nuhg","summary":"Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809"},{"reference_url":"https://security.archlinux.org/ASA-201708-18","reference_id":"ASA-201708-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-18"},{"reference_url":"https://security.archlinux.org/ASA-201708-3","reference_id":"ASA-201708-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-3"},{"reference_url":"https://security.archlinux.org/AVG-375","reference_id":"AVG-375","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-375"},{"reference_url":"https://security.archlinux.org/AVG-385","reference_id":"AVG-385","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-385"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18","reference_id":"mfsa2017-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19","reference_id":"mfsa2017-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20","reference_id":"mfsa2017-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7787"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-21fd-3bm8-nuhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/217?format=json","vulnerability_id":"VCID-2dx6-ehwy-xubu","summary":"Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905"},{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96","reference_id":"mfsa2016-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-9899"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2dx6-ehwy-xubu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/646?format=json","vulnerability_id":"VCID-2ep2-61mb-cbd3","summary":"A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15","reference_id":"mfsa2017-15","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16","reference_id":"mfsa2017-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17","reference_id":"mfsa2017-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7749"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ep2-61mb-cbd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/647?format=json","vulnerability_id":"VCID-2nfu-kf32-myag","summary":"A use-after-free vulnerability during video control operations when a <track> element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15","reference_id":"mfsa2017-15","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16","reference_id":"mfsa2017-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17","reference_id":"mfsa2017-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7750"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2nfu-kf32-myag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/540?format=json","vulnerability_id":"VCID-3am9-1vdf-27gt","summary":"JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/ASA-201701-40","reference_id":"ASA-201701-40","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-40"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://security.archlinux.org/AVG-158","reference_id":"AVG-158","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-158"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02","reference_id":"mfsa2017-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03","reference_id":"mfsa2017-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5375"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3am9-1vdf-27gt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/604?format=json","vulnerability_id":"VCID-3qw2-tzj7-u3fa","summary":"A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809"},{"reference_url":"https://security.archlinux.org/ASA-201708-18","reference_id":"ASA-201708-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-18"},{"reference_url":"https://security.archlinux.org/ASA-201708-3","reference_id":"ASA-201708-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-3"},{"reference_url":"https://security.archlinux.org/AVG-375","reference_id":"AVG-375","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-375"},{"reference_url":"https://security.archlinux.org/AVG-385","reference_id":"AVG-385","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-385"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18","reference_id":"mfsa2017-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19","reference_id":"mfsa2017-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20","reference_id":"mfsa2017-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7792"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3qw2-tzj7-u3fa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1905?format=json","vulnerability_id":"VCID-3uny-z4bs-9bfk","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791","reference_id":"CVE-2016-2791","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2791"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3uny-z4bs-9bfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/541?format=json","vulnerability_id":"VCID-442s-jgvp-gfav","summary":"Use-after-free while manipulating XSL in XSLT documents","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/ASA-201701-40","reference_id":"ASA-201701-40","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-40"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://security.archlinux.org/AVG-158","reference_id":"AVG-158","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-158"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02","reference_id":"mfsa2017-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03","reference_id":"mfsa2017-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5376"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-442s-jgvp-gfav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218?format=json","vulnerability_id":"VCID-4cyw-yxhd-77af","summary":"Event handlers on marquee elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905"},{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96","reference_id":"mfsa2016-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-9895"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4cyw-yxhd-77af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/228?format=json","vulnerability_id":"VCID-4eg8-dc82-fqd6","summary":"Mozilla developers and community members Jan de Mooij, Iris Hsiao, Christian Holler, Carsten Book, Timothy Nikkel, Christoph Diehl, Olli Pettay, Raymond Forbes, Boris Zbarsky, and Marco Castelluccio reported memory safety bugs present in Firefox 50.0.2 and Firefox ESR 45.5.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905"},{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96","reference_id":"mfsa2016-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-9893"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4eg8-dc82-fqd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/522?format=json","vulnerability_id":"VCID-4gky-p4gv-u7cw","summary":"Video files loaded video captions cross-origin without checking for the presence of  CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://security.archlinux.org/ASA-201703-2","reference_id":"ASA-201703-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-2"},{"reference_url":"https://security.archlinux.org/ASA-201703-3","reference_id":"ASA-201703-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-3"},{"reference_url":"https://security.archlinux.org/AVG-193","reference_id":"AVG-193","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-193"},{"reference_url":"https://security.archlinux.org/AVG-194","reference_id":"AVG-194","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-194"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05","reference_id":"mfsa2017-05","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06","reference_id":"mfsa2017-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07","reference_id":"mfsa2017-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09","reference_id":"mfsa2017-09","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5408"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4gky-p4gv-u7cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1903?format=json","vulnerability_id":"VCID-4hgx-k5jn-ckeu","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977","reference_id":"CVE-2016-1977","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1977"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4hgx-k5jn-ckeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/519?format=json","vulnerability_id":"VCID-4ncv-bsfh-kufk","summary":"Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://security.archlinux.org/ASA-201703-2","reference_id":"ASA-201703-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-2"},{"reference_url":"https://security.archlinux.org/ASA-201703-3","reference_id":"ASA-201703-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-3"},{"reference_url":"https://security.archlinux.org/AVG-193","reference_id":"AVG-193","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-193"},{"reference_url":"https://security.archlinux.org/AVG-194","reference_id":"AVG-194","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-194"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05","reference_id":"mfsa2017-05","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06","reference_id":"mfsa2017-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07","reference_id":"mfsa2017-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09","reference_id":"mfsa2017-09","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5410"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4ncv-bsfh-kufk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1907?format=json","vulnerability_id":"VCID-4r11-gv5n-rbhb","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793","reference_id":"CVE-2016-2793","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2793"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4r11-gv5n-rbhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/539?format=json","vulnerability_id":"VCID-53n9-hyzh-yyaz","summary":"Mozilla developers and community members Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, André Bargull, Kan-Ru Chen, and Nathan Froyd reported memory safety bugs present in Firefox 51 and Firefox ESR 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://security.archlinux.org/ASA-201703-2","reference_id":"ASA-201703-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-2"},{"reference_url":"https://security.archlinux.org/ASA-201703-3","reference_id":"ASA-201703-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-3"},{"reference_url":"https://security.archlinux.org/AVG-193","reference_id":"AVG-193","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-193"},{"reference_url":"https://security.archlinux.org/AVG-194","reference_id":"AVG-194","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-194"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05","reference_id":"mfsa2017-05","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06","reference_id":"mfsa2017-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07","reference_id":"mfsa2017-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09","reference_id":"mfsa2017-09","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5398"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-53n9-hyzh-yyaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/595?format=json","vulnerability_id":"VCID-5a6g-h3b1-vqfy","summary":"A use-after-free vulnerability can occur while re-computing layout for a marquee element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809"},{"reference_url":"https://security.archlinux.org/ASA-201708-18","reference_id":"ASA-201708-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-18"},{"reference_url":"https://security.archlinux.org/ASA-201708-3","reference_id":"ASA-201708-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-3"},{"reference_url":"https://security.archlinux.org/AVG-375","reference_id":"AVG-375","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-375"},{"reference_url":"https://security.archlinux.org/AVG-385","reference_id":"AVG-385","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-385"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18","reference_id":"mfsa2017-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19","reference_id":"mfsa2017-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20","reference_id":"mfsa2017-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7801"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5a6g-h3b1-vqfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/547?format=json","vulnerability_id":"VCID-5m57-7cch-v3ga","summary":"Mozilla developers and community members Christian Holler, Gary Kwong, André Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Thunderbird 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/ASA-201701-40","reference_id":"ASA-201701-40","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-40"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://security.archlinux.org/AVG-158","reference_id":"AVG-158","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-158"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02","reference_id":"mfsa2017-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03","reference_id":"mfsa2017-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5373"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5m57-7cch-v3ga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4541?format=json","vulnerability_id":"VCID-6pr4-1zfj-9ydj","summary":"multiple issues","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7772"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6pr4-1zfj-9ydj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/659?format=json","vulnerability_id":"VCID-6s7e-79u3-h7ed","summary":"Mozilla developers and community members Tyson Smith, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, André Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia Knous, Ronald Crane, and Nils Ohlmeier reported memory safety bugs present in Firefox 53, Firefox ESR 52.1, and Thunderbird 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15","reference_id":"mfsa2017-15","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16","reference_id":"mfsa2017-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17","reference_id":"mfsa2017-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-5470"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6s7e-79u3-h7ed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/229?format=json","vulnerability_id":"VCID-6xqg-t9fu-2kfk","summary":"A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93","reference_id":"mfsa2016-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-5296"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6xqg-t9fu-2kfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/596?format=json","vulnerability_id":"VCID-74ur-xkr1-a7er","summary":"A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809"},{"reference_url":"https://security.archlinux.org/ASA-201708-18","reference_id":"ASA-201708-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-18"},{"reference_url":"https://security.archlinux.org/ASA-201708-3","reference_id":"ASA-201708-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-3"},{"reference_url":"https://security.archlinux.org/AVG-375","reference_id":"AVG-375","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-375"},{"reference_url":"https://security.archlinux.org/AVG-385","reference_id":"AVG-385","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-385"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18","reference_id":"mfsa2017-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19","reference_id":"mfsa2017-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20","reference_id":"mfsa2017-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7809"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-74ur-xkr1-a7er"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1965?format=json","vulnerability_id":"VCID-7hry-whqg-97gm","summary":"Mozilla developers fixed several memory safety bugs in the browser engine used in\nFirefox and other Mozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with enough effort at least\nsome of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2807","reference_id":"CVE-2016-2807","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2807"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-39","reference_id":"mfsa2016-39","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-39"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2807"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7hry-whqg-97gm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1912?format=json","vulnerability_id":"VCID-86p5-m5xh-wba9","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798","reference_id":"CVE-2016-2798","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2798"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-86p5-m5xh-wba9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/597?format=json","vulnerability_id":"VCID-883g-dbap-u7aw","summary":"A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809"},{"reference_url":"https://security.archlinux.org/ASA-201708-18","reference_id":"ASA-201708-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-18"},{"reference_url":"https://security.archlinux.org/ASA-201708-3","reference_id":"ASA-201708-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-3"},{"reference_url":"https://security.archlinux.org/AVG-375","reference_id":"AVG-375","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-375"},{"reference_url":"https://security.archlinux.org/AVG-385","reference_id":"AVG-385","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-385"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18","reference_id":"mfsa2017-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19","reference_id":"mfsa2017-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20","reference_id":"mfsa2017-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7784"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-883g-dbap-u7aw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4537?format=json","vulnerability_id":"VCID-8hfq-xxg6-tue8","summary":"multiple issues","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7776"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8hfq-xxg6-tue8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1916?format=json","vulnerability_id":"VCID-9hcm-h8uk-xygz","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802","reference_id":"CVE-2016-2802","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2802"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9hcm-h8uk-xygz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/233?format=json","vulnerability_id":"VCID-9tuh-j2va-53hy","summary":"A same-origin policy bypass with local shortcut files to load arbitrary local content from disk.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93","reference_id":"mfsa2016-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-5291"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9tuh-j2va-53hy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1959?format=json","vulnerability_id":"VCID-9wc3-cjef-3ucq","summary":"Security researcher Francis Gabriel of Quarkslab reported a heap-based\nbuffer overflow in the way the Network Security Services (NSS) libraries parsed certain\nASN.1 structures. An attacker could create a specially-crafted certificate which, when\nparsed by NSS, would cause it to crash or execute arbitrary code with the permissions of\nthe user.\nThis issue has been addressed in the NSS releases shipping on affected Mozilla\nproducts:","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950","reference_id":"CVE-2016-1950","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-35","reference_id":"mfsa2016-35","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-35"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1950"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9wc3-cjef-3ucq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1904?format=json","vulnerability_id":"VCID-a5ee-c6f4-tufu","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790","reference_id":"CVE-2016-2790","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2790"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a5ee-c6f4-tufu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4542?format=json","vulnerability_id":"VCID-abde-jm4w-5yde","summary":"multiple issues","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7771"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-abde-jm4w-5yde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/601?format=json","vulnerability_id":"VCID-azwt-6846-1kgm","summary":"An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809"},{"reference_url":"https://security.archlinux.org/ASA-201708-18","reference_id":"ASA-201708-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-18"},{"reference_url":"https://security.archlinux.org/ASA-201708-3","reference_id":"ASA-201708-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-3"},{"reference_url":"https://security.archlinux.org/AVG-375","reference_id":"AVG-375","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-375"},{"reference_url":"https://security.archlinux.org/AVG-385","reference_id":"AVG-385","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-385"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18","reference_id":"mfsa2017-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19","reference_id":"mfsa2017-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20","reference_id":"mfsa2017-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7753"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-azwt-6846-1kgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1917?format=json","vulnerability_id":"VCID-b1zu-35mw-jkdg","summary":"Security researchers Jose Martinez and Romina\nSantillan reported a memory leak in the libstagefright library when array\ndestruction occurs during MPEG4 video file processing.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957","reference_id":"CVE-2016-1957","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-20","reference_id":"mfsa2016-20","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1957"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b1zu-35mw-jkdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/545?format=json","vulnerability_id":"VCID-bn6e-q2fz-7fba","summary":"A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/ASA-201701-40","reference_id":"ASA-201701-40","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-40"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://security.archlinux.org/AVG-158","reference_id":"AVG-158","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-158"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02","reference_id":"mfsa2017-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03","reference_id":"mfsa2017-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5396"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bn6e-q2fz-7fba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/645?format=json","vulnerability_id":"VCID-bxpd-zacn-8bfv","summary":"A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15","reference_id":"mfsa2017-15","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16","reference_id":"mfsa2017-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17","reference_id":"mfsa2017-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-5472"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bxpd-zacn-8bfv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1973?format=json","vulnerability_id":"VCID-cr9v-b95v-eyha","summary":"Security researcher Ronald Crane reported an out-of-bounds read\nfollowing a failed allocation in the HTML parser while working with unicode strings. This\ncan also affect the parsing of XML and SVG format data. This leads to a potentially\nexploitable crash. \nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974","reference_id":"CVE-2016-1974","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-34","reference_id":"mfsa2016-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-34"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1974"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cr9v-b95v-eyha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/512?format=json","vulnerability_id":"VCID-d5gv-m4u7-3bfc","summary":"JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://security.archlinux.org/ASA-201703-2","reference_id":"ASA-201703-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-2"},{"reference_url":"https://security.archlinux.org/ASA-201703-3","reference_id":"ASA-201703-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-3"},{"reference_url":"https://security.archlinux.org/AVG-193","reference_id":"AVG-193","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-193"},{"reference_url":"https://security.archlinux.org/AVG-194","reference_id":"AVG-194","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-194"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05","reference_id":"mfsa2017-05","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06","reference_id":"mfsa2017-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07","reference_id":"mfsa2017-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09","reference_id":"mfsa2017-09","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5400"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d5gv-m4u7-3bfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1899?format=json","vulnerability_id":"VCID-dhjd-31cm-1fh6","summary":"Security researcher ca0nguyen, working with HP's Zero Day Initiative,\nreported a use-after-free issue in the HTML5 string parser when parsing a particular set\nof table-related tags in a foreign fragment context such as SVG. This results in a\npotentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960","reference_id":"CVE-2016-1960","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-23","reference_id":"mfsa2016-23","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-23"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1960"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dhjd-31cm-1fh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1872?format=json","vulnerability_id":"VCID-dxam-cewh-63dt","summary":"Security researcher Nicolas Golubovic reported that a malicious page\ncan overwrite files on the user's machine using Content Security Policy (CSP) violation\nreports. The file contents are restricted to the JSON format of the report. In many cases\noverwriting a local file may simply be destructive, breaking the functionality of that\nfile. The CSP error reports can include HTML fragments which could be rendered by\nbrowsers. If a user has disabled add-on signing and has installed an \"unpacked\" add-on, a\nmalicious page could overwrite one of the add-on resources. Depending on how this resource\nis used, this could lead to privilege escalation.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954","reference_id":"CVE-2016-1954","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-17","reference_id":"mfsa2016-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1954"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dxam-cewh-63dt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/247?format=json","vulnerability_id":"VCID-e35v-ppxg-tkd1","summary":"Mozilla developers and community members Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, and Carsten Book reported memory safety bugs present in Firefox 48 and Firefox ESR 45.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort at least some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5257","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5257"},{"reference_url":"https://security.archlinux.org/ASA-201609-22","reference_id":"ASA-201609-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201609-22"},{"reference_url":"https://security.archlinux.org/AVG-24","reference_id":"AVG-24","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-24"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85","reference_id":"mfsa2016-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86","reference_id":"mfsa2016-86","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-88","reference_id":"mfsa2016-88","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-88"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-5257"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e35v-ppxg-tkd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1938?format=json","vulnerability_id":"VCID-eefa-gdnq-8kb7","summary":"Mozilla developers and community members reported several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these bugs showed\nevidence of memory corruption under certain circumstances, and we presume that with enough\neffort at least some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2836","reference_id":"CVE-2016-2836","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2836"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-62","reference_id":"mfsa2016-62","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-62"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2836"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eefa-gdnq-8kb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1968?format=json","vulnerability_id":"VCID-egv5-6c33-tfb9","summary":"Mozilla developers fixed several memory safety bugs in the browser engine used in\nFirefox and other Mozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with enough effort at least\nsome of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2805","reference_id":"CVE-2016-2805","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2805"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-39","reference_id":"mfsa2016-39","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-39"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2805"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-egv5-6c33-tfb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/598?format=json","vulnerability_id":"VCID-f9cy-h7kt-zudr","summary":"A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809"},{"reference_url":"https://security.archlinux.org/ASA-201708-18","reference_id":"ASA-201708-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-18"},{"reference_url":"https://security.archlinux.org/ASA-201708-3","reference_id":"ASA-201708-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-3"},{"reference_url":"https://security.archlinux.org/AVG-375","reference_id":"AVG-375","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-375"},{"reference_url":"https://security.archlinux.org/AVG-385","reference_id":"AVG-385","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-385"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18","reference_id":"mfsa2017-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19","reference_id":"mfsa2017-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20","reference_id":"mfsa2017-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7802"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f9cy-h7kt-zudr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1922?format=json","vulnerability_id":"VCID-fam8-n44k-2qh7","summary":"Mozilla developer Tim Taubert used the Address Sanitizer tool and\nsoftware fuzzing to discover a use-after-free vulnerability while processing DER encoded\nkeys in the Network Security Services (NSS) libraries. The vulnerability overwrites the\nfreed memory with zeroes. This issue has been addressed in NSS 3.21.1, shipping in Firefox\n45.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1979","reference_id":"CVE-2016-1979","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1979"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-36","reference_id":"mfsa2016-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1979"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fam8-n44k-2qh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1864?format=json","vulnerability_id":"VCID-ftnc-qwd9-jubp","summary":"Security researcher Dominique Hazaël-Massieux reported a\nuse-after-free issue when using multiple WebRTC data channel connections. This causes a\npotentially exploitable crash when a data channel connection is freed from within a call\nthrough it.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962","reference_id":"CVE-2016-1962","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-25","reference_id":"mfsa2016-25","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-25"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1962"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ftnc-qwd9-jubp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1908?format=json","vulnerability_id":"VCID-fxjs-kgb3-6bb7","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794","reference_id":"CVE-2016-2794","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2794"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fxjs-kgb3-6bb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/608?format=json","vulnerability_id":"VCID-fznu-jdyc-47hv","summary":"When a page’s content security policy (CSP) header contains a sandbox directive, other directives are ignored. This results in the incorrect enforcement of CSP.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809"},{"reference_url":"https://security.archlinux.org/ASA-201708-18","reference_id":"ASA-201708-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-18"},{"reference_url":"https://security.archlinux.org/ASA-201708-3","reference_id":"ASA-201708-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-3"},{"reference_url":"https://security.archlinux.org/AVG-375","reference_id":"AVG-375","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-375"},{"reference_url":"https://security.archlinux.org/AVG-385","reference_id":"AVG-385","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-385"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18","reference_id":"mfsa2017-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19","reference_id":"mfsa2017-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20","reference_id":"mfsa2017-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7803"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fznu-jdyc-47hv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/600?format=json","vulnerability_id":"VCID-gcyv-192g-3ygq","summary":"A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809"},{"reference_url":"https://security.archlinux.org/ASA-201708-18","reference_id":"ASA-201708-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-18"},{"reference_url":"https://security.archlinux.org/ASA-201708-3","reference_id":"ASA-201708-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-3"},{"reference_url":"https://security.archlinux.org/AVG-375","reference_id":"AVG-375","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-375"},{"reference_url":"https://security.archlinux.org/AVG-385","reference_id":"AVG-385","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-385"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18","reference_id":"mfsa2017-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19","reference_id":"mfsa2017-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20","reference_id":"mfsa2017-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7786"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gcyv-192g-3ygq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/513?format=json","vulnerability_id":"VCID-jc41-75ha-97c9","summary":"A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may be exploitable.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://security.archlinux.org/ASA-201703-2","reference_id":"ASA-201703-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-2"},{"reference_url":"https://security.archlinux.org/ASA-201703-3","reference_id":"ASA-201703-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-3"},{"reference_url":"https://security.archlinux.org/AVG-193","reference_id":"AVG-193","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-193"},{"reference_url":"https://security.archlinux.org/AVG-194","reference_id":"AVG-194","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-194"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05","reference_id":"mfsa2017-05","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06","reference_id":"mfsa2017-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07","reference_id":"mfsa2017-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09","reference_id":"mfsa2017-09","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5401"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jc41-75ha-97c9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1950?format=json","vulnerability_id":"VCID-jr76-2aht-uqb2","summary":"Security researcher lokihardt, working with HP's Zero Day Initiative,\nreported a use-after-free issue in the SetBody function of\nHTMLDocument. This results in a potentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961","reference_id":"CVE-2016-1961","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-24","reference_id":"mfsa2016-24","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-24"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1961"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jr76-2aht-uqb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1906?format=json","vulnerability_id":"VCID-jubn-vjus-h3e8","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792","reference_id":"CVE-2016-2792","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2792"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jubn-vjus-h3e8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/250?format=json","vulnerability_id":"VCID-k1rz-f92p-ducs","summary":"A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://security.archlinux.org/ASA-201612-1","reference_id":"ASA-201612-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-1"},{"reference_url":"https://security.archlinux.org/ASA-201612-2","reference_id":"ASA-201612-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-2"},{"reference_url":"https://security.archlinux.org/AVG-90","reference_id":"AVG-90","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-90"},{"reference_url":"https://security.archlinux.org/AVG-91","reference_id":"AVG-91","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-91"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-92","reference_id":"mfsa2016-92","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-92"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-9079"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k1rz-f92p-ducs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/609?format=json","vulnerability_id":"VCID-k458-ek4h-4kht","summary":"Mozilla developers and community members Masayuki Nakano, Gary Kwong, Ronald Crane, Andrew McCreight, Tyson Smith, Bevis Tseng, Christian Holler, Bryce Van Dyk, Dragana Damjanovic, Kartikaya Gupta, Philipp, Tristan Bourvon, and Andi-Bogdan Postelnicu reported memory safety bugs present in Firefox 54 and Firefox ESR 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809"},{"reference_url":"https://security.archlinux.org/ASA-201708-18","reference_id":"ASA-201708-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-18"},{"reference_url":"https://security.archlinux.org/ASA-201708-3","reference_id":"ASA-201708-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-3"},{"reference_url":"https://security.archlinux.org/AVG-375","reference_id":"AVG-375","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-375"},{"reference_url":"https://security.archlinux.org/AVG-385","reference_id":"AVG-385","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-385"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18","reference_id":"mfsa2017-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19","reference_id":"mfsa2017-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20","reference_id":"mfsa2017-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7779"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k458-ek4h-4kht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1913?format=json","vulnerability_id":"VCID-kcpz-uwq4-skf4","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799","reference_id":"CVE-2016-2799","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2799"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kcpz-uwq4-skf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/235?format=json","vulnerability_id":"VCID-kkjv-tyxm-6ub7","summary":"Mozilla developers and community members Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup reported memory safety bugs present in Thunderbird ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93","reference_id":"mfsa2016-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-5290"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kkjv-tyxm-6ub7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1911?format=json","vulnerability_id":"VCID-ksda-d24x-8bcf","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797","reference_id":"CVE-2016-2797","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2797"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ksda-d24x-8bcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/222?format=json","vulnerability_id":"VCID-m1ve-ttqh-3ucn","summary":"External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of data: URLs. This could allow for cross-domain data leakage.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905"},{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96","reference_id":"mfsa2016-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-9900"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m1ve-ttqh-3ucn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/535?format=json","vulnerability_id":"VCID-m2ee-rr9r-u3ge","summary":"Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://security.archlinux.org/ASA-201703-2","reference_id":"ASA-201703-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-2"},{"reference_url":"https://security.archlinux.org/ASA-201703-3","reference_id":"ASA-201703-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-3"},{"reference_url":"https://security.archlinux.org/AVG-193","reference_id":"AVG-193","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-193"},{"reference_url":"https://security.archlinux.org/AVG-194","reference_id":"AVG-194","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-194"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05","reference_id":"mfsa2017-05","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06","reference_id":"mfsa2017-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07","reference_id":"mfsa2017-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09","reference_id":"mfsa2017-09","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5405"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m2ee-rr9r-u3ge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/542?format=json","vulnerability_id":"VCID-m7n2-1ppv-jfcm","summary":"Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object’s address can be discovered through hash codes, and also allows for data leakage of an object’s content using these hash codes.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/ASA-201701-40","reference_id":"ASA-201701-40","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-40"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://security.archlinux.org/AVG-158","reference_id":"AVG-158","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-158"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02","reference_id":"mfsa2017-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03","reference_id":"mfsa2017-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5378"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m7n2-1ppv-jfcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/606?format=json","vulnerability_id":"VCID-md7v-but8-7qdz","summary":"On pages containing an iframe, the data: protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809"},{"reference_url":"https://security.archlinux.org/ASA-201708-18","reference_id":"ASA-201708-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-18"},{"reference_url":"https://security.archlinux.org/ASA-201708-3","reference_id":"ASA-201708-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-3"},{"reference_url":"https://security.archlinux.org/AVG-375","reference_id":"AVG-375","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-375"},{"reference_url":"https://security.archlinux.org/AVG-385","reference_id":"AVG-385","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-385"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18","reference_id":"mfsa2017-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19","reference_id":"mfsa2017-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20","reference_id":"mfsa2017-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7791"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-md7v-but8-7qdz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1868?format=json","vulnerability_id":"VCID-mxj9-cgmx-zkg9","summary":"Security researcher Nicolas Grégoire used the Address Sanitizer to\nfind a use-after-free during XML transformation operations. This results in a potentially\nexploitable crash triggerable by web content.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964","reference_id":"CVE-2016-1964","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-27","reference_id":"mfsa2016-27","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-27"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1964"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mxj9-cgmx-zkg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/544?format=json","vulnerability_id":"VCID-n9bg-836z-abb8","summary":"The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/ASA-201701-40","reference_id":"ASA-201701-40","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-40"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://security.archlinux.org/AVG-158","reference_id":"AVG-158","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-158"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02","reference_id":"mfsa2017-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03","reference_id":"mfsa2017-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5390"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n9bg-836z-abb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4536?format=json","vulnerability_id":"VCID-njra-xv9f-ffck","summary":"multiple issues","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7777"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-njra-xv9f-ffck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/518?format=json","vulnerability_id":"VCID-nv26-s56m-vkdh","summary":"Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://security.archlinux.org/ASA-201703-2","reference_id":"ASA-201703-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-2"},{"reference_url":"https://security.archlinux.org/ASA-201703-3","reference_id":"ASA-201703-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-3"},{"reference_url":"https://security.archlinux.org/AVG-193","reference_id":"AVG-193","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-193"},{"reference_url":"https://security.archlinux.org/AVG-194","reference_id":"AVG-194","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-194"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05","reference_id":"mfsa2017-05","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06","reference_id":"mfsa2017-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07","reference_id":"mfsa2017-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09","reference_id":"mfsa2017-09","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5407"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nv26-s56m-vkdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/594?format=json","vulnerability_id":"VCID-p1ry-j666-3qhy","summary":"A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809"},{"reference_url":"https://security.archlinux.org/ASA-201708-18","reference_id":"ASA-201708-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-18"},{"reference_url":"https://security.archlinux.org/ASA-201708-3","reference_id":"ASA-201708-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-3"},{"reference_url":"https://security.archlinux.org/AVG-375","reference_id":"AVG-375","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-375"},{"reference_url":"https://security.archlinux.org/AVG-385","reference_id":"AVG-385","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-385"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18","reference_id":"mfsa2017-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19","reference_id":"mfsa2017-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20","reference_id":"mfsa2017-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7800"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p1ry-j666-3qhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4539?format=json","vulnerability_id":"VCID-ppw9-56ha-2bhm","summary":"multiple issues","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7774"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ppw9-56ha-2bhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/648?format=json","vulnerability_id":"VCID-s4se-eex7-h7a6","summary":"A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15","reference_id":"mfsa2017-15","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16","reference_id":"mfsa2017-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17","reference_id":"mfsa2017-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7751"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s4se-eex7-h7a6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1910?format=json","vulnerability_id":"VCID-s874-n3jb-23h1","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796","reference_id":"CVE-2016-2796","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2796"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s874-n3jb-23h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/657?format=json","vulnerability_id":"VCID-s8cd-xy2t-vyem","summary":"Characters from the \"Canadian Syllabics\" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw \"punycode\" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from \"Aspirational Use Scripts\" such as Canadian Syllabics to be mixed with Latin characters in the \"moderately restrictive\" IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as \"Limited Use Scripts.\"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15","reference_id":"mfsa2017-15","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16","reference_id":"mfsa2017-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17","reference_id":"mfsa2017-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7764"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s8cd-xy2t-vyem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1966?format=json","vulnerability_id":"VCID-ta8f-s9rp-dqc3","summary":"Mozilla developers fixed several memory safety bugs in the browser engine used in\nFirefox and other Mozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with enough effort at least\nsome of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2806","reference_id":"CVE-2016-2806","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2806"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-39","reference_id":"mfsa2016-39","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-39"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2806"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ta8f-s9rp-dqc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/651?format=json","vulnerability_id":"VCID-u7r9-ukbq-mkb4","summary":"An out-of-bounds read in WebGL with a maliciously crafted ImageInfo object during WebGL operations.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15","reference_id":"mfsa2017-15","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16","reference_id":"mfsa2017-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17","reference_id":"mfsa2017-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7754"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u7r9-ukbq-mkb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/652?format=json","vulnerability_id":"VCID-uaga-tye9-gqg1","summary":"A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15","reference_id":"mfsa2017-15","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16","reference_id":"mfsa2017-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17","reference_id":"mfsa2017-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7756"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uaga-tye9-gqg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/654?format=json","vulnerability_id":"VCID-uh5h-t12y-h3b1","summary":"A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15","reference_id":"mfsa2017-15","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16","reference_id":"mfsa2017-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17","reference_id":"mfsa2017-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7778"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uh5h-t12y-h3b1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/603?format=json","vulnerability_id":"VCID-uww5-29jb-n3gc","summary":"A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809"},{"reference_url":"https://security.archlinux.org/ASA-201708-18","reference_id":"ASA-201708-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-18"},{"reference_url":"https://security.archlinux.org/ASA-201708-3","reference_id":"ASA-201708-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-3"},{"reference_url":"https://security.archlinux.org/AVG-375","reference_id":"AVG-375","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-375"},{"reference_url":"https://security.archlinux.org/AVG-385","reference_id":"AVG-385","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-385"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18","reference_id":"mfsa2017-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19","reference_id":"mfsa2017-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20","reference_id":"mfsa2017-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7807"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uww5-29jb-n3gc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/221?format=json","vulnerability_id":"VCID-vdup-4rw5-bke7","summary":"Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905"},{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96","reference_id":"mfsa2016-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-9898"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vdup-4rw5-bke7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/249?format=json","vulnerability_id":"VCID-vfzf-pypu-qufk","summary":"A potentially exploitable crash in EnumerateSubDocuments while adding or removing sub-documents.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96","reference_id":"mfsa2016-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-9905"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vfzf-pypu-qufk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/231?format=json","vulnerability_id":"VCID-vhgu-g4te-7bff","summary":"An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93","reference_id":"mfsa2016-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-5297"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vhgu-g4te-7bff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1897?format=json","vulnerability_id":"VCID-w3p3-evn1-eqgm","summary":"Mozilla developers and community members reported several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these bugs showed\nevidence of memory corruption under certain circumstances, and we presume that with enough\neffort at least some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2818","reference_id":"CVE-2016-2818","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2818"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-49","reference_id":"mfsa2016-49","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-49"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2818"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w3p3-evn1-eqgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/220?format=json","vulnerability_id":"VCID-wbtg-ecpe-8bcy","summary":"Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905"},{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96","reference_id":"mfsa2016-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-9897"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wbtg-ecpe-8bcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1915?format=json","vulnerability_id":"VCID-wd34-8uw6-2uh4","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801","reference_id":"CVE-2016-2801","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2801"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wd34-8uw6-2uh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/514?format=json","vulnerability_id":"VCID-wx4s-73zs-cfap","summary":"A use-after-free can occur when events are fired for a FontFace object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://security.archlinux.org/ASA-201703-2","reference_id":"ASA-201703-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-2"},{"reference_url":"https://security.archlinux.org/ASA-201703-3","reference_id":"ASA-201703-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-3"},{"reference_url":"https://security.archlinux.org/AVG-193","reference_id":"AVG-193","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-193"},{"reference_url":"https://security.archlinux.org/AVG-194","reference_id":"AVG-194","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-194"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05","reference_id":"mfsa2017-05","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06","reference_id":"mfsa2017-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07","reference_id":"mfsa2017-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09","reference_id":"mfsa2017-09","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5402"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wx4s-73zs-cfap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/655?format=json","vulnerability_id":"VCID-wxca-7hua-tubu","summary":"An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15","reference_id":"mfsa2017-15","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16","reference_id":"mfsa2017-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17","reference_id":"mfsa2017-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7758"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wxca-7hua-tubu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/599?format=json","vulnerability_id":"VCID-x2hg-g7n3-8qbw","summary":"A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809"},{"reference_url":"https://security.archlinux.org/ASA-201708-18","reference_id":"ASA-201708-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-18"},{"reference_url":"https://security.archlinux.org/ASA-201708-3","reference_id":"ASA-201708-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-3"},{"reference_url":"https://security.archlinux.org/AVG-375","reference_id":"AVG-375","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-375"},{"reference_url":"https://security.archlinux.org/AVG-385","reference_id":"AVG-385","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-385"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18","reference_id":"mfsa2017-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19","reference_id":"mfsa2017-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20","reference_id":"mfsa2017-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7785"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x2hg-g7n3-8qbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/234?format=json","vulnerability_id":"VCID-x4x5-44xh-6uat","summary":"An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93","reference_id":"mfsa2016-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-9074"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x4x5-44xh-6uat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1914?format=json","vulnerability_id":"VCID-xmkv-47hn-43ck","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800","reference_id":"CVE-2016-2800","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2800"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xmkv-47hn-43ck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/516?format=json","vulnerability_id":"VCID-xtbe-gv4p-23fn","summary":"A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://security.archlinux.org/ASA-201703-2","reference_id":"ASA-201703-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-2"},{"reference_url":"https://security.archlinux.org/ASA-201703-3","reference_id":"ASA-201703-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-3"},{"reference_url":"https://security.archlinux.org/AVG-193","reference_id":"AVG-193","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-193"},{"reference_url":"https://security.archlinux.org/AVG-194","reference_id":"AVG-194","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-194"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05","reference_id":"mfsa2017-05","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06","reference_id":"mfsa2017-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07","reference_id":"mfsa2017-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09","reference_id":"mfsa2017-09","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5404"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xtbe-gv4p-23fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/543?format=json","vulnerability_id":"VCID-yk3y-5my9-auak","summary":"A potential use-after-free found through fuzzing during DOM manipulation of SVG content.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/ASA-201701-40","reference_id":"ASA-201701-40","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-40"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://security.archlinux.org/AVG-158","reference_id":"AVG-158","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-158"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02","reference_id":"mfsa2017-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03","reference_id":"mfsa2017-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5380"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yk3y-5my9-auak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1909?format=json","vulnerability_id":"VCID-yssr-7m7d-b7fh","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795","reference_id":"CVE-2016-2795","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2795"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yssr-7m7d-b7fh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4540?format=json","vulnerability_id":"VCID-zakg-k4hk-fyhm","summary":"multiple issues","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7773"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zakg-k4hk-fyhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/223?format=json","vulnerability_id":"VCID-zbxg-zh9z-n7gg","summary":"An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905"},{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96","reference_id":"mfsa2016-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-9904"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zbxg-zh9z-n7gg"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3029?format=json","vulnerability_id":"VCID-1322-2jgj-2kh2","summary":"Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2724","reference_id":"CVE-2015-2724","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2724"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-59","reference_id":"mfsa2015-59","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-59"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4047?format=json","purl":"pkg:deb/debian/icedove@31.8.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@31.8.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-2724"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1322-2jgj-2kh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1935?format=json","vulnerability_id":"VCID-1bx2-4ka7-w3cr","summary":"The CESG, the Information Security Arm of GCHQ, reported a dangling\npointer dereference within the Netscape Plugin Application Programming Interface (NPAPI)\nthat could lead to the NPAPI subsystem crashing. This issue requires a maliciously crafted\nNPAPI plugin in concert with scripted web content, resulting in a potentially exploitable\ncrash when triggered.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966","reference_id":"CVE-2016-1966","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-31","reference_id":"mfsa2016-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-31"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1966"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1bx2-4ka7-w3cr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2913?format=json","vulnerability_id":"VCID-35ek-28ks-vqdf","summary":"Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2734","reference_id":"CVE-2015-2734","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2734"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66","reference_id":"mfsa2015-66","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4047?format=json","purl":"pkg:deb/debian/icedove@31.8.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@31.8.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-2734"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-35ek-28ks-vqdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1905?format=json","vulnerability_id":"VCID-3uny-z4bs-9bfk","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791","reference_id":"CVE-2016-2791","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2791"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3uny-z4bs-9bfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1903?format=json","vulnerability_id":"VCID-4hgx-k5jn-ckeu","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977","reference_id":"CVE-2016-1977","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1977"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4hgx-k5jn-ckeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1907?format=json","vulnerability_id":"VCID-4r11-gv5n-rbhb","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793","reference_id":"CVE-2016-2793","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2793"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4r11-gv5n-rbhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2915?format=json","vulnerability_id":"VCID-644p-f2nh-e7ah","summary":"Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2736","reference_id":"CVE-2015-2736","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2736"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66","reference_id":"mfsa2015-66","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4047?format=json","purl":"pkg:deb/debian/icedove@31.8.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@31.8.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-2736"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-644p-f2nh-e7ah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2988?format=json","vulnerability_id":"VCID-6q33-akyf-v7cw","summary":"Mozilla developer Ehsan Akhgari reported a mechanism through which a\nweb worker could be used\nto bypass secure requirements for WebSockets when workers are used to create WebSockets.\nThis allows for the bypassing of mixed content WebSocket policy.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7197","reference_id":"CVE-2015-7197","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7197"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-132","reference_id":"mfsa2015-132","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-132"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-7197"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6q33-akyf-v7cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2928?format=json","vulnerability_id":"VCID-6x8h-7v19-x7d2","summary":"Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team used the Address Sanitizer tool to discover an integer overflow when\nwhen allocating textures of extremely larges sizes during graphics operations. This\nresults in a potentially exploitable crash when triggered.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7212","reference_id":"CVE-2015-7212","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7212"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-139","reference_id":"mfsa2015-139","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-139"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-7212"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6x8h-7v19-x7d2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2931?format=json","vulnerability_id":"VCID-7gkv-pu79-43hx","summary":"Security researcher Matthew Green reported a Diffie–Hellman\n(DHE) key processing issue in Network Security Services (NSS) where a\nman-in-the-middle (MITM) attacker can force a server to downgrade TLS\nconnections to 512-bit export-grade cryptography by modifying client\nrequests to include only export-grade cipher suites. The resulting\nweak key can then be leveraged to impersonate the server. This attack\nis detailed in the \"Imperfect Forward\nSecrecy: How Diffie-Hellman Fails in Practice\" paper and is known as the\n\"Logjam Attack.\"This issue was fixed in NSS version 3.19.1 by limiting the lower strength of\nsupported DHE keys to use 1023 bit primes.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8176","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8176"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000","reference_id":"CVE-2015-4000","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-70","reference_id":"mfsa2015-70","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-70"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4047?format=json","purl":"pkg:deb/debian/icedove@31.8.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@31.8.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-4000"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7gkv-pu79-43hx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2961?format=json","vulnerability_id":"VCID-81zk-xrsj-cufe","summary":"Security researcher Karthikeyan Bhargavan reported an issue\nin Network Security Services (NSS) where MD5 signatures in the server signature within the\nTLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has\nofficially disallowed the accepting MD5 as a hash algorithm in signatures since 2011. This\nissues exposes NSS based clients such as Firefox to theoretical collision-based forgery\nattacks. This issue was fixed in NSS version 3.20.2.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575","reference_id":"CVE-2015-7575","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-150","reference_id":"mfsa2015-150","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-150"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-7575"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-81zk-xrsj-cufe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1912?format=json","vulnerability_id":"VCID-86p5-m5xh-wba9","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798","reference_id":"CVE-2016-2798","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2798"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-86p5-m5xh-wba9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2919?format=json","vulnerability_id":"VCID-89x5-7hfe-jbc7","summary":"Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2740","reference_id":"CVE-2015-2740","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2740"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66","reference_id":"mfsa2015-66","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4047?format=json","purl":"pkg:deb/debian/icedove@31.8.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@31.8.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-2740"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-89x5-7hfe-jbc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1916?format=json","vulnerability_id":"VCID-9hcm-h8uk-xygz","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802","reference_id":"CVE-2016-2802","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2802"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9hcm-h8uk-xygz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1959?format=json","vulnerability_id":"VCID-9wc3-cjef-3ucq","summary":"Security researcher Francis Gabriel of Quarkslab reported a heap-based\nbuffer overflow in the way the Network Security Services (NSS) libraries parsed certain\nASN.1 structures. An attacker could create a specially-crafted certificate which, when\nparsed by NSS, would cause it to crash or execute arbitrary code with the permissions of\nthe user.\nThis issue has been addressed in the NSS releases shipping on affected Mozilla\nproducts:","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950","reference_id":"CVE-2016-1950","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-35","reference_id":"mfsa2016-35","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-35"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1950"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9wc3-cjef-3ucq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1904?format=json","vulnerability_id":"VCID-a5ee-c6f4-tufu","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790","reference_id":"CVE-2016-2790","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2790"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a5ee-c6f4-tufu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3017?format=json","vulnerability_id":"VCID-a5mh-mmhh-pfg6","summary":"Security researcher Ronald Crane reported three vulnerabilities\naffecting released code that were found through code inspection. These included a\nbuffer overflow in the ANGLE graphics library and two issues of missing status checks in\nSVG rendering and during cryptographic key manipulation. These do not all have clear\nmechanisms to be exploited through web content but are vulnerable if a mechanism can be\nfound to trigger them.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7199","reference_id":"CVE-2015-7199","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7199"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-131","reference_id":"mfsa2015-131","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-131"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-7199"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a5mh-mmhh-pfg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3023?format=json","vulnerability_id":"VCID-ac68-q866-pugy","summary":"Security researcher Gustavo Grieco reported a buffer underflow in\nlibjar triggered through a maliciously crafted ZIP format file. This results\nin a potentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7194","reference_id":"CVE-2015-7194","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7194"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-128","reference_id":"mfsa2015-128","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-128"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-7194"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ac68-q866-pugy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3016?format=json","vulnerability_id":"VCID-agrg-fr7r-zyec","summary":"Security researcher Ronald Crane reported three vulnerabilities\naffecting released code that were found through code inspection. These included a\nbuffer overflow in the ANGLE graphics library and two issues of missing status checks in\nSVG rendering and during cryptographic key manipulation. These do not all have clear\nmechanisms to be exploited through web content but are vulnerable if a mechanism can be\nfound to trigger them.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7198","reference_id":"CVE-2015-7198","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7198"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-131","reference_id":"mfsa2015-131","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-131"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-7198"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-agrg-fr7r-zyec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2916?format=json","vulnerability_id":"VCID-are2-nwm2-ekfb","summary":"Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2737","reference_id":"CVE-2015-2737","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2737"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66","reference_id":"mfsa2015-66","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4047?format=json","purl":"pkg:deb/debian/icedove@31.8.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@31.8.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-2737"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-are2-nwm2-ekfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1917?format=json","vulnerability_id":"VCID-b1zu-35mw-jkdg","summary":"Security researchers Jose Martinez and Romina\nSantillan reported a memory leak in the libstagefright library when array\ndestruction occurs during MPEG4 video file processing.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957","reference_id":"CVE-2016-1957","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-20","reference_id":"mfsa2016-20","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1957"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b1zu-35mw-jkdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2910?format=json","vulnerability_id":"VCID-cjnx-d8j7-zqg3","summary":"Mozilla engineers Tyson Smith and David Keeler\nreported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security\nServices (NSS). These issues were in octet string parsing and were found through fuzzing\nand code inspection. If these issues were triggered, they would lead to a potentially\nexploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in\nFirefox and Firefox ESR, respectively, as well as NSS 3.20.1.Google security engineer Ryan Sleevi reported an integer overflow in\nthe Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation.\nThis leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182","reference_id":"CVE-2015-7182","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133","reference_id":"mfsa2015-133","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-7182"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cjnx-d8j7-zqg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1973?format=json","vulnerability_id":"VCID-cr9v-b95v-eyha","summary":"Security researcher Ronald Crane reported an out-of-bounds read\nfollowing a failed allocation in the HTML parser while working with unicode strings. This\ncan also affect the parsing of XML and SVG format data. This leads to a potentially\nexploitable crash. \nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974","reference_id":"CVE-2016-1974","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-34","reference_id":"mfsa2016-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-34"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1974"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cr9v-b95v-eyha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3002?format=json","vulnerability_id":"VCID-cvjs-nw3e-6be2","summary":"Security researcher Shinto K Anto reported an issue with cross-origin\nresource sharing (CORS) \"preflight\" requests when receiving certain\nContent-Type headers. This is due to an error in implementation resulting in\ntrying to process multiple media types when they are returned in the\nContent-Type headers from a server. This is disallowed in the CORS specification and results in a simple instead of a\n\"preflight\" request, leading to potential same-origin policy violation.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7193","reference_id":"CVE-2015-7193","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7193"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-127","reference_id":"mfsa2015-127","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-127"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-7193"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cvjs-nw3e-6be2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2982?format=json","vulnerability_id":"VCID-ddgc-sfjs-bkgg","summary":"Security researcher Michał Bentkowski reported that adding white-space\ncharacters to hostnames that are IP addresses can bypass same-origin policy. This flaw was\ncaused by trailing whitespaces being evaluated differently when parsing IP addresses\ninstead of alphanumeric hostnames. This could lead to a cross-site script (XSS) attack.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7188","reference_id":"CVE-2015-7188","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7188"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-122","reference_id":"mfsa2015-122","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-122"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-7188"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ddgc-sfjs-bkgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1899?format=json","vulnerability_id":"VCID-dhjd-31cm-1fh6","summary":"Security researcher ca0nguyen, working with HP's Zero Day Initiative,\nreported a use-after-free issue in the HTML5 string parser when parsing a particular set\nof table-related tags in a foreign fragment context such as SVG. This results in a\npotentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960","reference_id":"CVE-2016-1960","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-23","reference_id":"mfsa2016-23","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-23"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1960"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dhjd-31cm-1fh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1872?format=json","vulnerability_id":"VCID-dxam-cewh-63dt","summary":"Security researcher Nicolas Golubovic reported that a malicious page\ncan overwrite files on the user's machine using Content Security Policy (CSP) violation\nreports. The file contents are restricted to the JSON format of the report. In many cases\noverwriting a local file may simply be destructive, breaking the functionality of that\nfile. The CSP error reports can include HTML fragments which could be rendered by\nbrowsers. If a user has disabled add-on signing and has installed an \"unpacked\" add-on, a\nmalicious page could overwrite one of the add-on resources. Depending on how this resource\nis used, this could lead to privilege escalation.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954","reference_id":"CVE-2016-1954","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-17","reference_id":"mfsa2016-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1954"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dxam-cewh-63dt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1866?format=json","vulnerability_id":"VCID-ecjy-9yqg-d7g5","summary":"Security researcher Holger Fuhrmannek reported that a malicious\nGraphite \"smart font\" could circumvent the validation of internal instruction parameters\nin the Graphite 2 library using special CNTXT_ITEM instructions. This could result in\narbitrary code execution.\n This issue affected Graphite 2 version 1.3.4, which was used in the Firefox ESR branch. To address this issue and other security vulnerabilities recently disclosed by Cisco Talos affecting this version of the library, Firefox ESR has been updated to version 1.3.5, the same one used in Firefox 44.\nIn general this flaw cannot be exploited through email in the\nThunderbird product, but is potentially a risk in browser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1522","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1522"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1523","reference_id":"CVE-2016-1523","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1523"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-14","reference_id":"mfsa2016-14","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-14"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2016-1523"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ecjy-9yqg-d7g5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2914?format=json","vulnerability_id":"VCID-ewxc-cgha-5ya6","summary":"Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2735","reference_id":"CVE-2015-2735","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2735"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66","reference_id":"mfsa2015-66","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4047?format=json","purl":"pkg:deb/debian/icedove@31.8.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@31.8.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-2735"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ewxc-cgha-5ya6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1864?format=json","vulnerability_id":"VCID-ftnc-qwd9-jubp","summary":"Security researcher Dominique Hazaël-Massieux reported a\nuse-after-free issue when using multiple WebRTC data channel connections. This causes a\npotentially exploitable crash when a data channel connection is freed from within a call\nthrough it.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962","reference_id":"CVE-2016-1962","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-25","reference_id":"mfsa2016-25","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-25"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1962"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ftnc-qwd9-jubp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1908?format=json","vulnerability_id":"VCID-fxjs-kgb3-6bb7","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794","reference_id":"CVE-2016-2794","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2794"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fxjs-kgb3-6bb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2920?format=json","vulnerability_id":"VCID-h99r-s2rd-dbf9","summary":"Security researcher Ronald Crane reported a vulnerability found\nthrough code inspection. This issue is an integer overflow while processing an MP4 format\nvideo file when an a erroneously-small buffer is allocated and then overrun, resulting in\na potentially exploitable crash.\nThis issue only affects 64-bit versions with 32-bit versions being\nunaffected.In general this flaw cannot be exploited through email in the\nThunderbird product, but is potentially a risk in browser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7213","reference_id":"CVE-2015-7213","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7213"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-146","reference_id":"mfsa2015-146","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-146"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-7213"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h99r-s2rd-dbf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2976?format=json","vulnerability_id":"VCID-hgqa-m8ub-f3dc","summary":"Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4473","reference_id":"CVE-2015-4473","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4473"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-79","reference_id":"mfsa2015-79","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-79"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-4473"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hgqa-m8ub-f3dc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1950?format=json","vulnerability_id":"VCID-jr76-2aht-uqb2","summary":"Security researcher lokihardt, working with HP's Zero Day Initiative,\nreported a use-after-free issue in the SetBody function of\nHTMLDocument. This results in a potentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961","reference_id":"CVE-2016-1961","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-24","reference_id":"mfsa2016-24","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-24"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1961"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jr76-2aht-uqb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1906?format=json","vulnerability_id":"VCID-jubn-vjus-h3e8","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792","reference_id":"CVE-2016-2792","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2792"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jubn-vjus-h3e8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1913?format=json","vulnerability_id":"VCID-kcpz-uwq4-skf4","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799","reference_id":"CVE-2016-2799","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2799"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kcpz-uwq4-skf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2917?format=json","vulnerability_id":"VCID-knkj-95et-a7bh","summary":"Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2738","reference_id":"CVE-2015-2738","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2738"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66","reference_id":"mfsa2015-66","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4047?format=json","purl":"pkg:deb/debian/icedove@31.8.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@31.8.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-2738"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-knkj-95et-a7bh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1911?format=json","vulnerability_id":"VCID-ksda-d24x-8bcf","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797","reference_id":"CVE-2016-2797","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2797"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ksda-d24x-8bcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2908?format=json","vulnerability_id":"VCID-m6a6-yhfk-1ufh","summary":"Security researcher Tsubasa Iinuma reported a mechanism to violate\nsame-origin policy to content using data: and view-source: URIs\nto confuse protections and bypass restrictions. This resulted in the ability to read data from cross-site URLs and local files.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7214","reference_id":"CVE-2015-7214","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7214"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-149","reference_id":"mfsa2015-149","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-149"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-7214"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m6a6-yhfk-1ufh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2909?format=json","vulnerability_id":"VCID-mq7v-8uvq-5yeq","summary":"Mozilla engineers Tyson Smith and David Keeler\nreported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security\nServices (NSS). These issues were in octet string parsing and were found through fuzzing\nand code inspection. If these issues were triggered, they would lead to a potentially\nexploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in\nFirefox and Firefox ESR, respectively, as well as NSS 3.20.1.Google security engineer Ryan Sleevi reported an integer overflow in\nthe Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation.\nThis leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181","reference_id":"CVE-2015-7181","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133","reference_id":"mfsa2015-133","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-7181"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mq7v-8uvq-5yeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1868?format=json","vulnerability_id":"VCID-mxj9-cgmx-zkg9","summary":"Security researcher Nicolas Grégoire used the Address Sanitizer to\nfind a use-after-free during XML transformation operations. This results in a potentially\nexploitable crash triggerable by web content.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964","reference_id":"CVE-2016-1964","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-27","reference_id":"mfsa2016-27","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-27"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1964"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mxj9-cgmx-zkg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2924?format=json","vulnerability_id":"VCID-njfh-euqq-hyek","summary":"Security researcher Ronald Crane reported three\nvulnerabilities affecting released code that were found through code inspection.\nThese included one use of unowned memory, one use of a deleted object, and one\nmemory safety bug. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4488","reference_id":"CVE-2015-4488","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4488"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-90","reference_id":"mfsa2015-90","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-90"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-4488"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-njfh-euqq-hyek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2906?format=json","vulnerability_id":"VCID-psax-4qxx-1udr","summary":"Security researcher Ronald Crane reported an underflow found through\ncode inspection. This does not all have a clear mechanism to be exploited through web\ncontent but could be vulnerable if a means can be found to trigger it.In general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7205","reference_id":"CVE-2015-7205","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7205"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-145","reference_id":"mfsa2015-145","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-145"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-7205"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-psax-4qxx-1udr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3021?format=json","vulnerability_id":"VCID-rf44-229c-qubm","summary":"Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7201","reference_id":"CVE-2015-7201","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7201"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-134","reference_id":"mfsa2015-134","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-134"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-7201"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rf44-229c-qubm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1881?format=json","vulnerability_id":"VCID-rhmy-7533-6be9","summary":"Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.\nIn general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1930","reference_id":"CVE-2016-1930","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1930"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-01","reference_id":"mfsa2016-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2016-1930"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rhmy-7533-6be9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1910?format=json","vulnerability_id":"VCID-s874-n3jb-23h1","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796","reference_id":"CVE-2016-2796","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2796"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s874-n3jb-23h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1946?format=json","vulnerability_id":"VCID-tw6u-q876-yfbm","summary":"Security researcher Aki Helin used the Address Sanitizer tool to find\na buffer overflow write when rendering some WebGL content. This leads to a potentially exploitable crash. \nIn general this flaw cannot be exploited through email in the\nThunderbird product, but is potentially a risk in browser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1935","reference_id":"CVE-2016-1935","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1935"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-03","reference_id":"mfsa2016-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2016-1935"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tw6u-q876-yfbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3052?format=json","vulnerability_id":"VCID-tx75-3f4v-j3f3","summary":"Security researcher Looben Yang reported a buffer overflow in the\nJPEGEncoder function during script interactions with a canvas\nelement. This is caused by a race condition and incorrectly matched sizes following image\ninteractions. This leads to a potentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7189","reference_id":"CVE-2015-7189","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7189"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-123","reference_id":"mfsa2015-123","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-123"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-7189"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tx75-3f4v-j3f3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2945?format=json","vulnerability_id":"VCID-vct8-ur1y-63db","summary":"Security researcher Karthikeyan Bhargavan reported an issue\nin Network Security Services (NSS) where the client allows for a ECDHE_ECDSA\nexchange where the server does not send its ServerKeyExchange\nmessage instead of aborting the handshake. Instead, the NSS client will take the\nEC key from the ECDSA certificate. This violates the TLS protocol and also has\nsome security implications for forward secrecy. In this situation, the browser\nthinks it is engaged in an ECDHE exchange, but has been silently downgraded to a\nnon-forward secret mixed-ECDH exchange instead. As a result, if False\nStart is enabled, the browser will start sending data encrypted under\nthese non-forward-secret connection keys. This issue was fixed in NSS version\n3.19.1.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2721","reference_id":"CVE-2015-2721","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2721"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-71","reference_id":"mfsa2015-71","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-71"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4047?format=json","purl":"pkg:deb/debian/icedove@31.8.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@31.8.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-2721"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vct8-ur1y-63db"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3018?format=json","vulnerability_id":"VCID-vswn-ph7t-akfr","summary":"Security researcher Ronald Crane reported three vulnerabilities\naffecting released code that were found through code inspection. These included a\nbuffer overflow in the ANGLE graphics library and two issues of missing status checks in\nSVG rendering and during cryptographic key manipulation. These do not all have clear\nmechanisms to be exploited through web content but are vulnerable if a mechanism can be\nfound to trigger them.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7200","reference_id":"CVE-2015-7200","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7200"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-131","reference_id":"mfsa2015-131","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-131"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-7200"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vswn-ph7t-akfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1915?format=json","vulnerability_id":"VCID-wd34-8uw6-2uh4","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801","reference_id":"CVE-2016-2801","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2801"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wd34-8uw6-2uh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2923?format=json","vulnerability_id":"VCID-wjz2-h366-vbae","summary":"Security researcher Ronald Crane reported three\nvulnerabilities affecting released code that were found through code inspection.\nThese included one use of unowned memory, one use of a deleted object, and one\nmemory safety bug. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4487","reference_id":"CVE-2015-4487","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4487"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-90","reference_id":"mfsa2015-90","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-90"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-4487"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wjz2-h366-vbae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1914?format=json","vulnerability_id":"VCID-xmkv-47hn-43ck","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800","reference_id":"CVE-2016-2800","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2800"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xmkv-47hn-43ck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2925?format=json","vulnerability_id":"VCID-y429-zgqe-4ffk","summary":"Security researcher Ronald Crane reported three\nvulnerabilities affecting released code that were found through code inspection.\nThese included one use of unowned memory, one use of a deleted object, and one\nmemory safety bug. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4489","reference_id":"CVE-2015-4489","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4489"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-90","reference_id":"mfsa2015-90","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-90"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-4489"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y429-zgqe-4ffk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2992?format=json","vulnerability_id":"VCID-ymzx-f3pc-pfc2","summary":"Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4513","reference_id":"CVE-2015-4513","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4513"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-116","reference_id":"mfsa2015-116","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-116"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-4513"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ymzx-f3pc-pfc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2918?format=json","vulnerability_id":"VCID-yr7f-4cr1-nye2","summary":"Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2739","reference_id":"CVE-2015-2739","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2739"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66","reference_id":"mfsa2015-66","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4047?format=json","purl":"pkg:deb/debian/icedove@31.8.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@31.8.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}],"aliases":["CVE-2015-2739"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yr7f-4cr1-nye2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1909?format=json","vulnerability_id":"VCID-yssr-7m7d-b7fh","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795","reference_id":"CVE-2016-2795","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2795"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yssr-7m7d-b7fh"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"}