{"url":"http://public2.vulnerablecode.io/api/packages/4055?format=json","purl":"pkg:deb/debian/iceweasel@31.6.0esr-1","type":"deb","namespace":"debian","name":"iceweasel","version":"31.6.0esr-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3029?format=json","vulnerability_id":"VCID-1322-2jgj-2kh2","summary":"Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2724","reference_id":"CVE-2015-2724","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2724"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-59","reference_id":"mfsa2015-59","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-59"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?format=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-2724"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1322-2jgj-2kh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1935?format=json","vulnerability_id":"VCID-1bx2-4ka7-w3cr","summary":"The CESG, the Information Security Arm of GCHQ, reported a dangling\npointer dereference within the Netscape Plugin Application Programming Interface (NPAPI)\nthat could lead to the NPAPI subsystem crashing. This issue requires a maliciously crafted\nNPAPI plugin in concert with scripted web content, resulting in a potentially exploitable\ncrash when triggered.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966","reference_id":"CVE-2016-1966","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-31","reference_id":"mfsa2016-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-31"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1966"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1bx2-4ka7-w3cr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1887?format=json","vulnerability_id":"VCID-27t5-214b-33g2","summary":"Using Address Sanitizer, security researcher Sascha Just reported a\nbuffer overflow in the libstagefright library due to issues with the handling of CENC\noffsets and the sizes table. This results in a potentially exploitable crash triggerable\nthrough web content.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2814","reference_id":"CVE-2016-2814","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2814"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-44","reference_id":"mfsa2016-44","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-44"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2814"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-27t5-214b-33g2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2938?format=json","vulnerability_id":"VCID-2p4t-fga2-sqfa","summary":"Security researcher Ronald Crane reported eight\nvulnerabilities affecting released code that were found through code inspection. These\nincluded several potential memory safety issues resulting from the use of\nsnprintf, one use of unowned memory, one use of a string without overflow\nchecks, and five memory safety bugs. These do not all have clear mechanisms to be\nexploited through web content but are vulnerable if a mechanism can be found to trigger\nthem.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7174","reference_id":"CVE-2015-7174","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7174"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112","reference_id":"mfsa2015-112","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7174"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2p4t-fga2-sqfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1891?format=json","vulnerability_id":"VCID-2pb1-uy1v-vuf1","summary":"Mozilla developers fixed several memory safety bugs in the browser engine used in\nFirefox and other Mozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with enough effort at least\nsome of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952","reference_id":"CVE-2016-1952","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-16","reference_id":"mfsa2016-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-16"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1952"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2pb1-uy1v-vuf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2943?format=json","vulnerability_id":"VCID-2r71-u8q9-t7fw","summary":"Security researcher Herre reported a use-after-free\nvulnerability when a Content Policy modifies the Document Object Model to\nremove a DOM object, which is then used afterwards due to an error in microtask\nimplementation. This leads to an exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2731","reference_id":"CVE-2015-2731","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2731"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-63","reference_id":"mfsa2015-63","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-63"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?format=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-2731"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2r71-u8q9-t7fw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2911?format=json","vulnerability_id":"VCID-2sem-6a6r-suem","summary":"Mozilla engineers Tyson Smith and David Keeler\nreported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security\nServices (NSS). These issues were in octet string parsing and were found through fuzzing\nand code inspection. If these issues were triggered, they would lead to a potentially\nexploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in\nFirefox and Firefox ESR, respectively, as well as NSS 3.20.1.Google security engineer Ryan Sleevi reported an integer overflow in\nthe Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation.\nThis leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183","reference_id":"CVE-2015-7183","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133","reference_id":"mfsa2015-133","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7183"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2sem-6a6r-suem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2970?format=json","vulnerability_id":"VCID-2u3s-8pqy-27gd","summary":"Security researcher Aki Helin used the Address Sanitizer\ntool to find a buffer overflow during video playback on Linux systems. This was\ndue to a problem in older versions of the Gstreamer plugin during the parsing of\nH.264 formatted video. This issue could be used to induce a possibly exploitable\ncrash.\nThis issue does not affect the current 1.0 version of Gstreamer\nand does not affect Windows or OS X systems.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0797","reference_id":"CVE-2015-0797","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0797"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-47","reference_id":"mfsa2015-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-47"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?format=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-0797"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2u3s-8pqy-27gd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2913?format=json","vulnerability_id":"VCID-35ek-28ks-vqdf","summary":"Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2734","reference_id":"CVE-2015-2734","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2734"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66","reference_id":"mfsa2015-66","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?format=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-2734"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-35ek-28ks-vqdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1905?format=json","vulnerability_id":"VCID-3uny-z4bs-9bfk","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791","reference_id":"CVE-2016-2791","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2791"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3uny-z4bs-9bfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1903?format=json","vulnerability_id":"VCID-4hgx-k5jn-ckeu","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977","reference_id":"CVE-2016-1977","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1977"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4hgx-k5jn-ckeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1907?format=json","vulnerability_id":"VCID-4r11-gv5n-rbhb","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793","reference_id":"CVE-2016-2793","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2793"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4r11-gv5n-rbhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3092?format=json","vulnerability_id":"VCID-59jz-5qv2-5yb1","summary":"Security researcher André Bargull reported non-configurable\nproperties on JavaScript objects can be redefined while parsing JSON in\nviolation of the ECMAScript 6 standard. This allows malicious web content to\nbypass same-origin policy by editing these properties to arbitrary values.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4478","reference_id":"CVE-2015-4478","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4478"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-82","reference_id":"mfsa2015-82","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-82"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4478"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-59jz-5qv2-5yb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2995?format=json","vulnerability_id":"VCID-63se-aey7-4kdh","summary":"Mozilla developer Ehsan Akhgari reported two issues with Cross-origin\nresource sharing (CORS) \"preflight\" requests.The first issue is that in some circumstances the same cache key can be generated for\ntwo preflight requests on a site. As a result, if a second request is made that will match\nthe cached key generated by an earlier request, CORS checks will be bypassed because the\nsystem will see the previously cached request as applicable.In the second issue, when some Access-Control- headers are missing from\nCORS responses, the values from different Access-Control- headers can be used\nthat present in the same response. In general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4520","reference_id":"CVE-2015-4520","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4520"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-111","reference_id":"mfsa2015-111","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-111"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4520"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-63se-aey7-4kdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2915?format=json","vulnerability_id":"VCID-644p-f2nh-e7ah","summary":"Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2736","reference_id":"CVE-2015-2736","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2736"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66","reference_id":"mfsa2015-66","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?format=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-2736"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-644p-f2nh-e7ah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2988?format=json","vulnerability_id":"VCID-6q33-akyf-v7cw","summary":"Mozilla developer Ehsan Akhgari reported a mechanism through which a\nweb worker could be used\nto bypass secure requirements for WebSockets when workers are used to create WebSockets.\nThis allows for the bypassing of mixed content WebSocket policy.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7197","reference_id":"CVE-2015-7197","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7197"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-132","reference_id":"mfsa2015-132","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-132"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7197"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6q33-akyf-v7cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2928?format=json","vulnerability_id":"VCID-6x8h-7v19-x7d2","summary":"Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team used the Address Sanitizer tool to discover an integer overflow when\nwhen allocating textures of extremely larges sizes during graphics operations. This\nresults in a potentially exploitable crash when triggered.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7212","reference_id":"CVE-2015-7212","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7212"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-139","reference_id":"mfsa2015-139","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-139"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7212"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6x8h-7v19-x7d2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2926?format=json","vulnerability_id":"VCID-79px-mpkc-ybf6","summary":"Mozilla community member Jean-Max Reymond discovered a use-after-free\nvulnerability with a <canvas> element on a page. This occurs when a\nresize event is triggered in concert with style changes but the canvas references have\nbeen recreated in the meantime, destroying the originally referenced context. This results\nin an exploitable crash.Ucha Gobejishvili, working with HP's Zero Day Initiative, subsequently reported this\nsame issue.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4497","reference_id":"CVE-2015-4497","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4497"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-94","reference_id":"mfsa2015-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-94"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4497"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-79px-mpkc-ybf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2939?format=json","vulnerability_id":"VCID-7chb-gfkw-kkdc","summary":"Security researcher Ronald Crane reported eight\nvulnerabilities affecting released code that were found through code inspection. These\nincluded several potential memory safety issues resulting from the use of\nsnprintf, one use of unowned memory, one use of a string without overflow\nchecks, and five memory safety bugs. These do not all have clear mechanisms to be\nexploited through web content but are vulnerable if a mechanism can be found to trigger\nthem.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7175","reference_id":"CVE-2015-7175","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7175"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112","reference_id":"mfsa2015-112","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7175"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7chb-gfkw-kkdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2931?format=json","vulnerability_id":"VCID-7gkv-pu79-43hx","summary":"Security researcher Matthew Green reported a Diffie–Hellman\n(DHE) key processing issue in Network Security Services (NSS) where a\nman-in-the-middle (MITM) attacker can force a server to downgrade TLS\nconnections to 512-bit export-grade cryptography by modifying client\nrequests to include only export-grade cipher suites. The resulting\nweak key can then be leveraged to impersonate the server. This attack\nis detailed in the \"Imperfect Forward\nSecrecy: How Diffie-Hellman Fails in Practice\" paper and is known as the\n\"Logjam Attack.\"This issue was fixed in NSS version 3.19.1 by limiting the lower strength of\nsupported DHE keys to use 1023 bit primes.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8176","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8176"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000","reference_id":"CVE-2015-4000","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-70","reference_id":"mfsa2015-70","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-70"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?format=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4000"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7gkv-pu79-43hx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1965?format=json","vulnerability_id":"VCID-7hry-whqg-97gm","summary":"Mozilla developers fixed several memory safety bugs in the browser engine used in\nFirefox and other Mozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with enough effort at least\nsome of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2807","reference_id":"CVE-2016-2807","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2807"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-39","reference_id":"mfsa2016-39","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-39"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2807"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7hry-whqg-97gm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2961?format=json","vulnerability_id":"VCID-81zk-xrsj-cufe","summary":"Security researcher Karthikeyan Bhargavan reported an issue\nin Network Security Services (NSS) where MD5 signatures in the server signature within the\nTLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has\nofficially disallowed the accepting MD5 as a hash algorithm in signatures since 2011. This\nissues exposes NSS based clients such as Firefox to theoretical collision-based forgery\nattacks. This issue was fixed in NSS version 3.20.2.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575","reference_id":"CVE-2015-7575","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-150","reference_id":"mfsa2015-150","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-150"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7575"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-81zk-xrsj-cufe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1912?format=json","vulnerability_id":"VCID-86p5-m5xh-wba9","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798","reference_id":"CVE-2016-2798","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2798"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-86p5-m5xh-wba9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2955?format=json","vulnerability_id":"VCID-89p2-k3uk-bkhp","summary":"Security researcher Mario Gomes reported that when a previously\nloaded image on a page is drag and dropped into content after a redirect, the redirected\nURL is available to scripts. This is a violation of the  Fetch specification's defined behavior for\n\"Atomic HTTP redirect handling\" which states that redirected URLs are not exposed to any\nAPIs. This can allow for information leakage. \nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4519","reference_id":"CVE-2015-4519","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4519"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-110","reference_id":"mfsa2015-110","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-110"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4519"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-89p2-k3uk-bkhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2919?format=json","vulnerability_id":"VCID-89x5-7hfe-jbc7","summary":"Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2740","reference_id":"CVE-2015-2740","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2740"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66","reference_id":"mfsa2015-66","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?format=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-2740"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-89x5-7hfe-jbc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3093?format=json","vulnerability_id":"VCID-8z2y-h8mf-4fgk","summary":"Mozilla developer Gerald Squelart fixed an integer underflow in the\nlibstagefright library initially reported by Joshua Drake to Google. The issues occurred\nin MP4 format video file while parsing cover metadata, leading  to a buffer overflow. This\nresults in a potentially exploitable crash and can be triggered by a malformed MP4\nfile served by web content.\nIn general this flaw cannot be exploited through email in the\nThunderbird product, but is potentially a risk in browser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7222","reference_id":"CVE-2015-7222","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7222"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-147","reference_id":"mfsa2015-147","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-147"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7222"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8z2y-h8mf-4fgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1916?format=json","vulnerability_id":"VCID-9hcm-h8uk-xygz","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802","reference_id":"CVE-2016-2802","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2802"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9hcm-h8uk-xygz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1959?format=json","vulnerability_id":"VCID-9wc3-cjef-3ucq","summary":"Security researcher Francis Gabriel of Quarkslab reported a heap-based\nbuffer overflow in the way the Network Security Services (NSS) libraries parsed certain\nASN.1 structures. An attacker could create a specially-crafted certificate which, when\nparsed by NSS, would cause it to crash or execute arbitrary code with the permissions of\nthe user.\nThis issue has been addressed in the NSS releases shipping on affected Mozilla\nproducts:","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950","reference_id":"CVE-2016-1950","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-35","reference_id":"mfsa2016-35","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-35"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1950"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9wc3-cjef-3ucq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1904?format=json","vulnerability_id":"VCID-a5ee-c6f4-tufu","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790","reference_id":"CVE-2016-2790","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2790"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a5ee-c6f4-tufu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3017?format=json","vulnerability_id":"VCID-a5mh-mmhh-pfg6","summary":"Security researcher Ronald Crane reported three vulnerabilities\naffecting released code that were found through code inspection. These included a\nbuffer overflow in the ANGLE graphics library and two issues of missing status checks in\nSVG rendering and during cryptographic key manipulation. These do not all have clear\nmechanisms to be exploited through web content but are vulnerable if a mechanism can be\nfound to trigger them.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7199","reference_id":"CVE-2015-7199","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7199"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-131","reference_id":"mfsa2015-131","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-131"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7199"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a5mh-mmhh-pfg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3023?format=json","vulnerability_id":"VCID-ac68-q866-pugy","summary":"Security researcher Gustavo Grieco reported a buffer underflow in\nlibjar triggered through a maliciously crafted ZIP format file. This results\nin a potentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7194","reference_id":"CVE-2015-7194","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7194"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-128","reference_id":"mfsa2015-128","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-128"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7194"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ac68-q866-pugy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3016?format=json","vulnerability_id":"VCID-agrg-fr7r-zyec","summary":"Security researcher Ronald Crane reported three vulnerabilities\naffecting released code that were found through code inspection. These included a\nbuffer overflow in the ANGLE graphics library and two issues of missing status checks in\nSVG rendering and during cryptographic key manipulation. These do not all have clear\nmechanisms to be exploited through web content but are vulnerable if a mechanism can be\nfound to trigger them.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7198","reference_id":"CVE-2015-7198","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7198"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-131","reference_id":"mfsa2015-131","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-131"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7198"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-agrg-fr7r-zyec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2916?format=json","vulnerability_id":"VCID-are2-nwm2-ekfb","summary":"Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2737","reference_id":"CVE-2015-2737","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2737"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66","reference_id":"mfsa2015-66","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?format=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-2737"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-are2-nwm2-ekfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1917?format=json","vulnerability_id":"VCID-b1zu-35mw-jkdg","summary":"Security researchers Jose Martinez and Romina\nSantillan reported a memory leak in the libstagefright library when array\ndestruction occurs during MPEG4 video file processing.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957","reference_id":"CVE-2016-1957","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-20","reference_id":"mfsa2016-20","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1957"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b1zu-35mw-jkdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3043?format=json","vulnerability_id":"VCID-b91n-146p-u3a5","summary":"Mozilla community member Vytautas Staraitis reported an issue with the\ninteraction of Java applets and JavaScript. The Java plugin can deallocate a JavaScript\nwrapper when it is still in use, which leads to a JavaScript garbage collection crash.\nThis crash is potentially exploitable.\nThis issue only affects systems where Java is installed and enabled as a\nbrowser plugin. Other systems are unaffected.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7196","reference_id":"CVE-2015-7196","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7196"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-130","reference_id":"mfsa2015-130","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-130"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7196"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b91n-146p-u3a5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2967?format=json","vulnerability_id":"VCID-bndf-h1gn-dbhg","summary":"Security researcher Looben Yang discovered a use-after-free\nvulnerability when recursively calling .open() on an XMLHttpRequest\nin a SharedWorker.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4492","reference_id":"CVE-2015-4492","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4492"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-92","reference_id":"mfsa2015-92","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-92"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4492"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bndf-h1gn-dbhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2971?format=json","vulnerability_id":"VCID-cf7n-mn5h-yyaq","summary":"Using the Address Sanitizer tool, security researcher Atte\nKettunen discovered a buffer overflow in the nestegg library when decoding a WebM\nformat video with maliciously formatted headers. This leads to a potentially exploitable\ncrash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4511","reference_id":"CVE-2015-4511","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4511"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-105","reference_id":"mfsa2015-105","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-105"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4511"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cf7n-mn5h-yyaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2910?format=json","vulnerability_id":"VCID-cjnx-d8j7-zqg3","summary":"Mozilla engineers Tyson Smith and David Keeler\nreported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security\nServices (NSS). These issues were in octet string parsing and were found through fuzzing\nand code inspection. If these issues were triggered, they would lead to a potentially\nexploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in\nFirefox and Firefox ESR, respectively, as well as NSS 3.20.1.Google security engineer Ryan Sleevi reported an integer overflow in\nthe Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation.\nThis leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182","reference_id":"CVE-2015-7182","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133","reference_id":"mfsa2015-133","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7182"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cjnx-d8j7-zqg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1973?format=json","vulnerability_id":"VCID-cr9v-b95v-eyha","summary":"Security researcher Ronald Crane reported an out-of-bounds read\nfollowing a failed allocation in the HTML parser while working with unicode strings. This\ncan also affect the parsing of XML and SVG format data. This leads to a potentially\nexploitable crash. \nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974","reference_id":"CVE-2016-1974","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-34","reference_id":"mfsa2016-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-34"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1974"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cr9v-b95v-eyha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3002?format=json","vulnerability_id":"VCID-cvjs-nw3e-6be2","summary":"Security researcher Shinto K Anto reported an issue with cross-origin\nresource sharing (CORS) \"preflight\" requests when receiving certain\nContent-Type headers. This is due to an error in implementation resulting in\ntrying to process multiple media types when they are returned in the\nContent-Type headers from a server. This is disallowed in the CORS specification and results in a simple instead of a\n\"preflight\" request, leading to potential same-origin policy violation.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7193","reference_id":"CVE-2015-7193","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7193"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-127","reference_id":"mfsa2015-127","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-127"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7193"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cvjs-nw3e-6be2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2966?format=json","vulnerability_id":"VCID-cwdt-7ey1-5bax","summary":"Security researcher Khalil Zhani reported that a maliciously crafted\nvp9 format video could be used to trigger a buffer overflow while parsing the file. This\nleads to a potentially exploitable crash due to a flaw in the libvpx library. \nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4506","reference_id":"CVE-2015-4506","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4506"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-101","reference_id":"mfsa2015-101","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-101"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4506"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cwdt-7ey1-5bax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2982?format=json","vulnerability_id":"VCID-ddgc-sfjs-bkgg","summary":"Security researcher Michał Bentkowski reported that adding white-space\ncharacters to hostnames that are IP addresses can bypass same-origin policy. This flaw was\ncaused by trailing whitespaces being evaluated differently when parsing IP addresses\ninstead of alphanumeric hostnames. This could lead to a cross-site script (XSS) attack.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7188","reference_id":"CVE-2015-7188","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7188"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-122","reference_id":"mfsa2015-122","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-122"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7188"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ddgc-sfjs-bkgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1899?format=json","vulnerability_id":"VCID-dhjd-31cm-1fh6","summary":"Security researcher ca0nguyen, working with HP's Zero Day Initiative,\nreported a use-after-free issue in the HTML5 string parser when parsing a particular set\nof table-related tags in a foreign fragment context such as SVG. This results in a\npotentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960","reference_id":"CVE-2016-1960","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-23","reference_id":"mfsa2016-23","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-23"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1960"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dhjd-31cm-1fh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1970?format=json","vulnerability_id":"VCID-dpxq-myh4-wfbs","summary":"Security researcher Tsubasa Iinuma reported a mechanism where the\ndisplayed addressbar can be spoofed to users. This issue involves using history navigation\nin concert with the Location protocol property. After navigating from a malicious page to\nanother, if the user navigates back to the initial page, the displayed URL will not\nreflect the reloaded page. This could be used to trick users into potentially treating the\npage as a different and trusted site.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1965","reference_id":"CVE-2016-1965","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1965"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-28","reference_id":"mfsa2016-28","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1965"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dpxq-myh4-wfbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1872?format=json","vulnerability_id":"VCID-dxam-cewh-63dt","summary":"Security researcher Nicolas Golubovic reported that a malicious page\ncan overwrite files on the user's machine using Content Security Policy (CSP) violation\nreports. The file contents are restricted to the JSON format of the report. In many cases\noverwriting a local file may simply be destructive, breaking the functionality of that\nfile. The CSP error reports can include HTML fragments which could be rendered by\nbrowsers. If a user has disabled add-on signing and has installed an \"unpacked\" add-on, a\nmalicious page could overwrite one of the add-on resources. Depending on how this resource\nis used, this could lead to privilege escalation.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954","reference_id":"CVE-2016-1954","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-17","reference_id":"mfsa2016-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1954"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dxam-cewh-63dt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1866?format=json","vulnerability_id":"VCID-ecjy-9yqg-d7g5","summary":"Security researcher Holger Fuhrmannek reported that a malicious\nGraphite \"smart font\" could circumvent the validation of internal instruction parameters\nin the Graphite 2 library using special CNTXT_ITEM instructions. This could result in\narbitrary code execution.\n This issue affected Graphite 2 version 1.3.4, which was used in the Firefox ESR branch. To address this issue and other security vulnerabilities recently disclosed by Cisco Talos affecting this version of the library, Firefox ESR has been updated to version 1.3.5, the same one used in Firefox 44.\nIn general this flaw cannot be exploited through email in the\nThunderbird product, but is potentially a risk in browser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1522","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1522"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1523","reference_id":"CVE-2016-1523","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1523"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-14","reference_id":"mfsa2016-14","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-14"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1523"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ecjy-9yqg-d7g5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2936?format=json","vulnerability_id":"VCID-ee73-m58a-z3br","summary":"Security researcher Ronald Crane reported eight\nvulnerabilities affecting released code that were found through code inspection. These\nincluded several potential memory safety issues resulting from the use of\nsnprintf, one use of unowned memory, one use of a string without overflow\nchecks, and five memory safety bugs. These do not all have clear mechanisms to be\nexploited through web content but are vulnerable if a mechanism can be found to trigger\nthem.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4521","reference_id":"CVE-2015-4521","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4521"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112","reference_id":"mfsa2015-112","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4521"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ee73-m58a-z3br"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1968?format=json","vulnerability_id":"VCID-egv5-6c33-tfb9","summary":"Mozilla developers fixed several memory safety bugs in the browser engine used in\nFirefox and other Mozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with enough effort at least\nsome of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2805","reference_id":"CVE-2016-2805","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2805"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-39","reference_id":"mfsa2016-39","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-39"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2805"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-egv5-6c33-tfb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2914?format=json","vulnerability_id":"VCID-ewxc-cgha-5ya6","summary":"Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2735","reference_id":"CVE-2015-2735","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2735"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66","reference_id":"mfsa2015-66","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?format=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-2735"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ewxc-cgha-5ya6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2997?format=json","vulnerability_id":"VCID-f9tb-p3ha-9ug6","summary":"Security researcher Aki Helin used the Address Sanitizer\ntool to discover an out-of-bounds read during playback of a malformed MP3 format\naudio file which switches sample formats. This could trigger a potentially\nexploitable crash or the reading of out-of-bounds memory content in some\ncircumstances.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4475","reference_id":"CVE-2015-4475","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4475"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-80","reference_id":"mfsa2015-80","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-80"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4475"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f9tb-p3ha-9ug6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1864?format=json","vulnerability_id":"VCID-ftnc-qwd9-jubp","summary":"Security researcher Dominique Hazaël-Massieux reported a\nuse-after-free issue when using multiple WebRTC data channel connections. This causes a\npotentially exploitable crash when a data channel connection is freed from within a call\nthrough it.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962","reference_id":"CVE-2016-1962","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-25","reference_id":"mfsa2016-25","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-25"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1962"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ftnc-qwd9-jubp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1908?format=json","vulnerability_id":"VCID-fxjs-kgb3-6bb7","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794","reference_id":"CVE-2016-2794","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2794"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fxjs-kgb3-6bb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2942?format=json","vulnerability_id":"VCID-g2sr-anu7-e7hu","summary":"Security researcher Ronald Crane reported eight\nvulnerabilities affecting released code that were found through code inspection. These\nincluded several potential memory safety issues resulting from the use of\nsnprintf, one use of unowned memory, one use of a string without overflow\nchecks, and five memory safety bugs. These do not all have clear mechanisms to be\nexploited through web content but are vulnerable if a mechanism can be found to trigger\nthem.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7180","reference_id":"CVE-2015-7180","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7180"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112","reference_id":"mfsa2015-112","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7180"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g2sr-anu7-e7hu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3006?format=json","vulnerability_id":"VCID-g4jc-hh17-wbex","summary":"Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2708","reference_id":"CVE-2015-2708","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2708"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-46","reference_id":"mfsa2015-46","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-46"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?format=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-2708"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g4jc-hh17-wbex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2950?format=json","vulnerability_id":"VCID-gcfa-hdye-jqar","summary":"An anonymous researcher reported, via TippingPoint's Zero Day Initiative, two integer\noverflows in the libstagefright library that could be triggered by a malicious 'saio'\nchunk in an MPEG4 video. These overflows allowed for potential arbitrary code execution.\nThis issue was independently reported by security researcher laf.intel.Security researcher Massimiliano Tomassoli also discovered an\ninteger overflow issue when parsing an invalid MPEG4 video.Mozilla security engineers Tyson Smith and Christoph\nDiehl used the Address Sanitizer to find a buffer overflow when parsing an MPEG4\nvideo with an invalid size in an ESDS chunk lead to memory corruption.Each of these reported issues result in potentially exploitable crashes that\ncould allow for remote code execution.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4479","reference_id":"CVE-2015-4479","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4479"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-83","reference_id":"mfsa2015-83","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-83"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4479"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gcfa-hdye-jqar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3086?format=json","vulnerability_id":"VCID-gj9v-hz2y-j3h2","summary":"Using the Address Sanitizer tool, security researcher Atte\nKettunen found a buffer overflow during the rendering of SVG format\ngraphics when combined with specific CSS properties on a page. This results in a\npotentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2710","reference_id":"CVE-2015-2710","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2710"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-48","reference_id":"mfsa2015-48","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-48"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?format=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-2710"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gj9v-hz2y-j3h2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1936?format=json","vulnerability_id":"VCID-gwmz-dnnk-bbhy","summary":"Security researcher Abdulrahman Alqabandi reported an issue where an\nattacker can load an arbitrary web page but the addressbar's displayed URL will be blank\nor filled with page defined content. This can be used to obfuscate which page is currently\nloaded and allows for an attacker to spoof an existing page without the malicious page's\naddress being displayed correctly.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1958","reference_id":"CVE-2016-1958","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1958"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-21","reference_id":"mfsa2016-21","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1958"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gwmz-dnnk-bbhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2920?format=json","vulnerability_id":"VCID-h99r-s2rd-dbf9","summary":"Security researcher Ronald Crane reported a vulnerability found\nthrough code inspection. This issue is an integer overflow while processing an MP4 format\nvideo file when an a erroneously-small buffer is allocated and then overrun, resulting in\na potentially exploitable crash.\nThis issue only affects 64-bit versions with 32-bit versions being\nunaffected.In general this flaw cannot be exploited through email in the\nThunderbird product, but is potentially a risk in browser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7213","reference_id":"CVE-2015-7213","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7213"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-146","reference_id":"mfsa2015-146","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-146"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7213"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h99r-s2rd-dbf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2976?format=json","vulnerability_id":"VCID-hgqa-m8ub-f3dc","summary":"Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4473","reference_id":"CVE-2015-4473","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4473"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-79","reference_id":"mfsa2015-79","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-79"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4473"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hgqa-m8ub-f3dc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2952?format=json","vulnerability_id":"VCID-hpjp-69k9-akdz","summary":"An anonymous researcher reported, via TippingPoint's Zero Day Initiative, two integer\noverflows in the libstagefright library that could be triggered by a malicious 'saio'\nchunk in an MPEG4 video. These overflows allowed for potential arbitrary code execution.\nThis issue was independently reported by security researcher laf.intel.Security researcher Massimiliano Tomassoli also discovered an\ninteger overflow issue when parsing an invalid MPEG4 video.Mozilla security engineers Tyson Smith and Christoph\nDiehl used the Address Sanitizer to find a buffer overflow when parsing an MPEG4\nvideo with an invalid size in an ESDS chunk lead to memory corruption.Each of these reported issues result in potentially exploitable crashes that\ncould allow for remote code execution.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4493","reference_id":"CVE-2015-4493","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4493"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-83","reference_id":"mfsa2015-83","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-83"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4493"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hpjp-69k9-akdz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1950?format=json","vulnerability_id":"VCID-jr76-2aht-uqb2","summary":"Security researcher lokihardt, working with HP's Zero Day Initiative,\nreported a use-after-free issue in the SetBody function of\nHTMLDocument. This results in a potentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961","reference_id":"CVE-2016-1961","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-24","reference_id":"mfsa2016-24","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-24"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1961"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jr76-2aht-uqb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1906?format=json","vulnerability_id":"VCID-jubn-vjus-h3e8","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792","reference_id":"CVE-2016-2792","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2792"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jubn-vjus-h3e8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1913?format=json","vulnerability_id":"VCID-kcpz-uwq4-skf4","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799","reference_id":"CVE-2016-2799","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2799"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kcpz-uwq4-skf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2917?format=json","vulnerability_id":"VCID-knkj-95et-a7bh","summary":"Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2738","reference_id":"CVE-2015-2738","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2738"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66","reference_id":"mfsa2015-66","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?format=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-2738"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-knkj-95et-a7bh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1911?format=json","vulnerability_id":"VCID-ksda-d24x-8bcf","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797","reference_id":"CVE-2016-2797","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2797"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ksda-d24x-8bcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2948?format=json","vulnerability_id":"VCID-kxka-bpkq-bbb4","summary":"Security researcher Bas Venis reported a mechanism where add-ons could\nbe installed from a different source than user expectations. Normally, when a user enters\nthe URL to an add-on directly in the addressbar, warning prompts are bypassed because it\nis the result of direct user action. He discovered that a data: URL could be\nmanipulated on a loaded page to simulate this direct user input of the add-on's URL, which\nwould result in a bypassing of the install permission prompt. He also reported that in the\nabsence of the permission prompt, it is possible to cause the actual installation prompt\nto appear above another site's location by causing a page navigation immediately after\ntriggering add-on installation. This could manipulate a user into falsely believing a\ntrusted site (such as addons.mozilla.org) has\ninitiated the installation. This could lead to users installing an add-on from a malicious\nsource.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4498","reference_id":"CVE-2015-4498","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4498"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-95","reference_id":"mfsa2015-95","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-95"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4498"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kxka-bpkq-bbb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2908?format=json","vulnerability_id":"VCID-m6a6-yhfk-1ufh","summary":"Security researcher Tsubasa Iinuma reported a mechanism to violate\nsame-origin policy to content using data: and view-source: URIs\nto confuse protections and bypass restrictions. This resulted in the ability to read data from cross-site URLs and local files.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7214","reference_id":"CVE-2015-7214","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7214"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-149","reference_id":"mfsa2015-149","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-149"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7214"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m6a6-yhfk-1ufh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2909?format=json","vulnerability_id":"VCID-mq7v-8uvq-5yeq","summary":"Mozilla engineers Tyson Smith and David Keeler\nreported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security\nServices (NSS). These issues were in octet string parsing and were found through fuzzing\nand code inspection. If these issues were triggered, they would lead to a potentially\nexploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in\nFirefox and Firefox ESR, respectively, as well as NSS 3.20.1.Google security engineer Ryan Sleevi reported an integer overflow in\nthe Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation.\nThis leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181","reference_id":"CVE-2015-7181","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133","reference_id":"mfsa2015-133","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7181"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mq7v-8uvq-5yeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1868?format=json","vulnerability_id":"VCID-mxj9-cgmx-zkg9","summary":"Security researcher Nicolas Grégoire used the Address Sanitizer to\nfind a use-after-free during XML transformation operations. This results in a potentially\nexploitable crash triggerable by web content.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964","reference_id":"CVE-2016-1964","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-27","reference_id":"mfsa2016-27","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-27"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1964"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mxj9-cgmx-zkg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2924?format=json","vulnerability_id":"VCID-njfh-euqq-hyek","summary":"Security researcher Ronald Crane reported three\nvulnerabilities affecting released code that were found through code inspection.\nThese included one use of unowned memory, one use of a deleted object, and one\nmemory safety bug. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4488","reference_id":"CVE-2015-4488","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4488"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-90","reference_id":"mfsa2015-90","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-90"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4488"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-njfh-euqq-hyek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1971?format=json","vulnerability_id":"VCID-nmg1-t9x3-8kgb","summary":"The CESG, the Information Security Arm of GCHQ, reported that the\nJavaScript .watch() method could be used to overflow the 32-bit generation\ncount of the underlying HashMap, resulting in a write to an invalid entry. Under the right\nconditions this write could lead to arbitrary code execution. The overflow takes\nconsiderable time and a malicious page would require a user to keep it open for the\nduration of the attack.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2808","reference_id":"CVE-2016-2808","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2808"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-47","reference_id":"mfsa2016-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-47"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2808"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nmg1-t9x3-8kgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3070?format=json","vulnerability_id":"VCID-nzaw-bp6y-qkbq","summary":"Security researcher Ucha Gobejishvili used the Address\nSanitizer tool to find a buffer overflow while parsing compressed XML content.\nThis was due to an error in how buffer space is created and modified when\nhandling large amounts of XML data. This results in a potentially exploitable\ncrash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716","reference_id":"CVE-2015-2716","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-54","reference_id":"mfsa2015-54","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-54"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?format=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-2716"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nzaw-bp6y-qkbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2906?format=json","vulnerability_id":"VCID-psax-4qxx-1udr","summary":"Security researcher Ronald Crane reported an underflow found through\ncode inspection. This does not all have a clear mechanism to be exploited through web\ncontent but could be vulnerable if a means can be found to trigger it.In general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7205","reference_id":"CVE-2015-7205","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7205"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-145","reference_id":"mfsa2015-145","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-145"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7205"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-psax-4qxx-1udr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2935?format=json","vulnerability_id":"VCID-qq5e-2j1p-uufm","summary":"Security researcher Ronald Crane reported eight\nvulnerabilities affecting released code that were found through code inspection. These\nincluded several potential memory safety issues resulting from the use of\nsnprintf, one use of unowned memory, one use of a string without overflow\nchecks, and five memory safety bugs. These do not all have clear mechanisms to be\nexploited through web content but are vulnerable if a mechanism can be found to trigger\nthem.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4517","reference_id":"CVE-2015-4517","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4517"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112","reference_id":"mfsa2015-112","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4517"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qq5e-2j1p-uufm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2932?format=json","vulnerability_id":"VCID-qq9w-dr8s-rbc1","summary":"Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4500","reference_id":"CVE-2015-4500","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4500"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-96","reference_id":"mfsa2015-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-96"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4500"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qq9w-dr8s-rbc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3021?format=json","vulnerability_id":"VCID-rf44-229c-qubm","summary":"Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7201","reference_id":"CVE-2015-7201","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7201"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-134","reference_id":"mfsa2015-134","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-134"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7201"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rf44-229c-qubm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1881?format=json","vulnerability_id":"VCID-rhmy-7533-6be9","summary":"Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.\nIn general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1930","reference_id":"CVE-2016-1930","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1930"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-01","reference_id":"mfsa2016-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1930"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rhmy-7533-6be9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2989?format=json","vulnerability_id":"VCID-s1af-pc4s-4ya7","summary":"Mozilla community member Jonas Jenwald reported broken behavior in Mozilla's PDF.js PDF file viewer which led to the discovery that internal Workers were incorrectly executed with high privilege. If this flaw were combined with a separate vulnerability allowing for same-origin policy violation, it could be used to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2743","reference_id":"CVE-2015-2743","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2743"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-69","reference_id":"mfsa2015-69","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-69"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?format=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-2743"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s1af-pc4s-4ya7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3036?format=json","vulnerability_id":"VCID-s42a-965d-buf6","summary":"An anonymous researcher reported, via HP's Zero Day Initiative, a use-after-free\nvulnerability with HTML media elements on a page during script manipulation of the URI\ntable of these elements. This results in a potentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4509","reference_id":"CVE-2015-4509","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4509"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-106","reference_id":"mfsa2015-106","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-106"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4509"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s42a-965d-buf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1910?format=json","vulnerability_id":"VCID-s874-n3jb-23h1","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796","reference_id":"CVE-2016-2796","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2796"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s874-n3jb-23h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3067?format=json","vulnerability_id":"VCID-sm73-ujuw-z7cy","summary":"Security researcher Scott Bell used the Address Sanitizer\ntool to discover a use-after-free error during the processing of text when\nvertical text is enabled. This leads to a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2713","reference_id":"CVE-2015-2713","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2713"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-51","reference_id":"mfsa2015-51","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-51"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?format=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-2713"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sm73-ujuw-z7cy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2937?format=json","vulnerability_id":"VCID-tbjb-eqta-cqc1","summary":"Security researcher Ronald Crane reported eight\nvulnerabilities affecting released code that were found through code inspection. These\nincluded several potential memory safety issues resulting from the use of\nsnprintf, one use of unowned memory, one use of a string without overflow\nchecks, and five memory safety bugs. These do not all have clear mechanisms to be\nexploited through web content but are vulnerable if a mechanism can be found to trigger\nthem.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4522","reference_id":"CVE-2015-4522","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4522"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112","reference_id":"mfsa2015-112","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4522"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tbjb-eqta-cqc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1946?format=json","vulnerability_id":"VCID-tw6u-q876-yfbm","summary":"Security researcher Aki Helin used the Address Sanitizer tool to find\na buffer overflow write when rendering some WebGL content. This leads to a potentially exploitable crash. \nIn general this flaw cannot be exploited through email in the\nThunderbird product, but is potentially a risk in browser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1935","reference_id":"CVE-2016-1935","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1935"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-03","reference_id":"mfsa2016-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1935"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tw6u-q876-yfbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3052?format=json","vulnerability_id":"VCID-tx75-3f4v-j3f3","summary":"Security researcher Looben Yang reported a buffer overflow in the\nJPEGEncoder function during script interactions with a canvas\nelement. This is caused by a race condition and incorrectly matched sizes following image\ninteractions. This leads to a potentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7189","reference_id":"CVE-2015-7189","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7189"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-123","reference_id":"mfsa2015-123","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-123"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7189"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tx75-3f4v-j3f3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3060?format=json","vulnerability_id":"VCID-u5j5-pnhq-2yan","summary":"Security researcher Paul Bandha reported a type confusion\nerror where part of IDBDatabase is read by the Indexed Database\nManager and incorrectly used as a pointer when it shouldn't be used as such.\nThis leads to memory corruption and the possibility of an exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2728","reference_id":"CVE-2015-2728","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2728"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-61","reference_id":"mfsa2015-61","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-61"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?format=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-2728"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u5j5-pnhq-2yan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2940?format=json","vulnerability_id":"VCID-v2bv-3xwa-m7eu","summary":"Security researcher Ronald Crane reported eight\nvulnerabilities affecting released code that were found through code inspection. These\nincluded several potential memory safety issues resulting from the use of\nsnprintf, one use of unowned memory, one use of a string without overflow\nchecks, and five memory safety bugs. These do not all have clear mechanisms to be\nexploited through web content but are vulnerable if a mechanism can be found to trigger\nthem.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7176","reference_id":"CVE-2015-7176","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7176"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112","reference_id":"mfsa2015-112","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7176"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v2bv-3xwa-m7eu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1921?format=json","vulnerability_id":"VCID-v6sk-vcxm-dudy","summary":"Security researcher James Clawson used the Address Sanitizer tool to\ndiscover an out-of-bounds write in the Graphite 2 library when loading a crafted Graphite\nfont file. This results in a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1969","reference_id":"CVE-2016-1969","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1969"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-38","reference_id":"mfsa2016-38","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-38"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1969"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v6sk-vcxm-dudy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2945?format=json","vulnerability_id":"VCID-vct8-ur1y-63db","summary":"Security researcher Karthikeyan Bhargavan reported an issue\nin Network Security Services (NSS) where the client allows for a ECDHE_ECDSA\nexchange where the server does not send its ServerKeyExchange\nmessage instead of aborting the handshake. Instead, the NSS client will take the\nEC key from the ECDSA certificate. This violates the TLS protocol and also has\nsome security implications for forward secrecy. In this situation, the browser\nthinks it is engaged in an ECDHE exchange, but has been silently downgraded to a\nnon-forward secret mixed-ECDH exchange instead. As a result, if False\nStart is enabled, the browser will start sending data encrypted under\nthese non-forward-secret connection keys. This issue was fixed in NSS version\n3.19.1.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2721","reference_id":"CVE-2015-2721","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2721"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-71","reference_id":"mfsa2015-71","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-71"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?format=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-2721"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vct8-ur1y-63db"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3018?format=json","vulnerability_id":"VCID-vswn-ph7t-akfr","summary":"Security researcher Ronald Crane reported three vulnerabilities\naffecting released code that were found through code inspection. These included a\nbuffer overflow in the ANGLE graphics library and two issues of missing status checks in\nSVG rendering and during cryptographic key manipulation. These do not all have clear\nmechanisms to be exploited through web content but are vulnerable if a mechanism can be\nfound to trigger them.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7200","reference_id":"CVE-2015-7200","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7200"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-131","reference_id":"mfsa2015-131","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-131"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7200"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vswn-ph7t-akfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1915?format=json","vulnerability_id":"VCID-wd34-8uw6-2uh4","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801","reference_id":"CVE-2016-2801","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2801"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wd34-8uw6-2uh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3053?format=json","vulnerability_id":"VCID-wg7c-s7bd-nygc","summary":"Security researcher Looben Yang reported a use-after-free error in\nWebRTC that occurs due to timing issues in WebRTC when closing channels. WebRTC may still\nbelieve is has a datachannel open after another WebRTC function has closed it. This\nresults in attempts to use the now destroyed datachannel, leading to a potentially\nexploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7210","reference_id":"CVE-2015-7210","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7210"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-138","reference_id":"mfsa2015-138","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-138"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7210"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wg7c-s7bd-nygc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2923?format=json","vulnerability_id":"VCID-wjz2-h366-vbae","summary":"Security researcher Ronald Crane reported three\nvulnerabilities affecting released code that were found through code inspection.\nThese included one use of unowned memory, one use of a deleted object, and one\nmemory safety bug. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4487","reference_id":"CVE-2015-4487","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4487"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-90","reference_id":"mfsa2015-90","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-90"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4487"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wjz2-h366-vbae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2956?format=json","vulnerability_id":"VCID-x1fr-hs7k-e7hs","summary":"Security researcher Jukka Jylänki reported a crash that\noccurs because JavaScript, when using shared memory, does not properly gate\naccess to Atomics or SharedArrayBuffer views in some\ncontexts. This leads to a non-exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4484","reference_id":"CVE-2015-4484","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4484"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-87","reference_id":"mfsa2015-87","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-87"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4484"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x1fr-hs7k-e7hs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2941?format=json","vulnerability_id":"VCID-xevw-4gkg-akc6","summary":"Security researcher Ronald Crane reported eight\nvulnerabilities affecting released code that were found through code inspection. These\nincluded several potential memory safety issues resulting from the use of\nsnprintf, one use of unowned memory, one use of a string without overflow\nchecks, and five memory safety bugs. These do not all have clear mechanisms to be\nexploited through web content but are vulnerable if a mechanism can be found to trigger\nthem.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7177","reference_id":"CVE-2015-7177","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7177"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112","reference_id":"mfsa2015-112","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7177"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xevw-4gkg-akc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1914?format=json","vulnerability_id":"VCID-xmkv-47hn-43ck","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800","reference_id":"CVE-2016-2800","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2800"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xmkv-47hn-43ck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2951?format=json","vulnerability_id":"VCID-xsxg-msc8-1kfp","summary":"An anonymous researcher reported, via TippingPoint's Zero Day Initiative, two integer\noverflows in the libstagefright library that could be triggered by a malicious 'saio'\nchunk in an MPEG4 video. These overflows allowed for potential arbitrary code execution.\nThis issue was independently reported by security researcher laf.intel.Security researcher Massimiliano Tomassoli also discovered an\ninteger overflow issue when parsing an invalid MPEG4 video.Mozilla security engineers Tyson Smith and Christoph\nDiehl used the Address Sanitizer to find a buffer overflow when parsing an MPEG4\nvideo with an invalid size in an ESDS chunk lead to memory corruption.Each of these reported issues result in potentially exploitable crashes that\ncould allow for remote code execution.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4480","reference_id":"CVE-2015-4480","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4480"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-83","reference_id":"mfsa2015-83","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-83"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4480"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xsxg-msc8-1kfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2925?format=json","vulnerability_id":"VCID-y429-zgqe-4ffk","summary":"Security researcher Ronald Crane reported three\nvulnerabilities affecting released code that were found through code inspection.\nThese included one use of unowned memory, one use of a deleted object, and one\nmemory safety bug. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4489","reference_id":"CVE-2015-4489","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4489"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-90","reference_id":"mfsa2015-90","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-90"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4489"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y429-zgqe-4ffk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2954?format=json","vulnerability_id":"VCID-yff7-y65u-2fbt","summary":"Mozilla Developer Jed Davis and Mozilla security engineer\nChristoph Diehl reported that Mozilla had inherited a\nInter-process Communication (IPC) vulnerability when IPC was introduced into\nMozilla products through third-party code. This could allow for privilege\nescalation through IPC channels due to lack of message validation in the\nlistener process. \nThis issue only affects systems running Windows, leaving Linux\nand OS X unaffected.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3079","reference_id":"CVE-2011-3079","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3079"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-57","reference_id":"mfsa2015-57","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-57"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?format=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"}],"aliases":["CVE-2011-3079"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yff7-y65u-2fbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2992?format=json","vulnerability_id":"VCID-ymzx-f3pc-pfc2","summary":"Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4513","reference_id":"CVE-2015-4513","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4513"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-116","reference_id":"mfsa2015-116","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-116"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4513"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ymzx-f3pc-pfc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2918?format=json","vulnerability_id":"VCID-yr7f-4cr1-nye2","summary":"Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2739","reference_id":"CVE-2015-2739","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2739"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66","reference_id":"mfsa2015-66","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?format=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-2739"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yr7f-4cr1-nye2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1909?format=json","vulnerability_id":"VCID-yssr-7m7d-b7fh","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795","reference_id":"CVE-2016-2795","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2795"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yssr-7m7d-b7fh"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2736?format=json","vulnerability_id":"VCID-4r3z-auuz-sbez","summary":"Using the Address Sanitizer tool, security researcher Atte\nKettunen from OUSPG discovered a buffer overflow when making\ncapitalization style changes during CSS parsing. This can cause a crash that is\npotentially exploitable.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1576","reference_id":"CVE-2014-1576","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1576"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-75","reference_id":"mfsa2014-75","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-75"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4055?format=json","purl":"pkg:deb/debian/iceweasel@31.6.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-2u3s-8pqy-27gd"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-g4jc-hh17-wbex"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gj9v-hz2y-j3h2"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-nzaw-bp6y-qkbq"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-sm73-ujuw-z7cy"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yff7-y65u-2fbt"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.6.0esr-1"}],"aliases":["CVE-2014-1576"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4r3z-auuz-sbez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3048?format=json","vulnerability_id":"VCID-4uyn-g7y6-zbh2","summary":"Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8634","reference_id":"CVE-2014-8634","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8634"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-01","reference_id":"mfsa2015-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4055?format=json","purl":"pkg:deb/debian/iceweasel@31.6.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-2u3s-8pqy-27gd"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-g4jc-hh17-wbex"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gj9v-hz2y-j3h2"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-nzaw-bp6y-qkbq"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-sm73-ujuw-z7cy"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yff7-y65u-2fbt"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.6.0esr-1"}],"aliases":["CVE-2014-8634"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4uyn-g7y6-zbh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3076?format=json","vulnerability_id":"VCID-58up-6bj9-tkb1","summary":"Security researcher Mitchell Harper discovered a\nread-after-free in WebRTC due to the way tracks are handled. This results in a\neither a potentially exploitable crash or incorrect WebRTC behavior.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8641","reference_id":"CVE-2014-8641","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8641"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-06","reference_id":"mfsa2015-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-06"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4055?format=json","purl":"pkg:deb/debian/iceweasel@31.6.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-2u3s-8pqy-27gd"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-g4jc-hh17-wbex"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gj9v-hz2y-j3h2"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-nzaw-bp6y-qkbq"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-sm73-ujuw-z7cy"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yff7-y65u-2fbt"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.6.0esr-1"}],"aliases":["CVE-2014-8641"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-58up-6bj9-tkb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2747?format=json","vulnerability_id":"VCID-6nyu-8qhc-q7cj","summary":"Security researcher SkyLined reported a use-after-free created by triggering the creation of a second root element while parsing HTML written to a document created with document.open(). This leads to a potentially exploitable crash.In general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1592","reference_id":"CVE-2014-1592","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1592"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-87","reference_id":"mfsa2014-87","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-87"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4055?format=json","purl":"pkg:deb/debian/iceweasel@31.6.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-2u3s-8pqy-27gd"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-g4jc-hh17-wbex"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gj9v-hz2y-j3h2"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-nzaw-bp6y-qkbq"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-sm73-ujuw-z7cy"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yff7-y65u-2fbt"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.6.0esr-1"}],"aliases":["CVE-2014-1592"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6nyu-8qhc-q7cj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3069?format=json","vulnerability_id":"VCID-6x4j-c36j-aybs","summary":"Security researcher Xiaofeng Zheng of the Blue Lotus Team at\nTsinghua University reported reported that a Web Proxy returning a 407 Proxy\nAuthentication response with a Set-Cookie header could inject\ncookies into the originally requested domain. This could be used for\nsession-fixation attacks. This attack only allows cookies to be written but does\nnot allow them to be read. \nIn general this flaw cannot be exploited through email in the\nThunderbird product, but is potentially a risk in browser or browser-like\ncontexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8639","reference_id":"CVE-2014-8639","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8639"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-04","reference_id":"mfsa2015-04","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4055?format=json","purl":"pkg:deb/debian/iceweasel@31.6.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-2u3s-8pqy-27gd"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-g4jc-hh17-wbex"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gj9v-hz2y-j3h2"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-nzaw-bp6y-qkbq"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-sm73-ujuw-z7cy"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yff7-y65u-2fbt"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.6.0esr-1"}],"aliases":["CVE-2014-8639"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6x4j-c36j-aybs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2751?format=json","vulnerability_id":"VCID-8gjw-35z7-wyeg","summary":"Security researcher regenrecht reported, via TippingPoint's\nZero Day Initiative, a use-after-free during text layout when interacting with\ntext direction. This results in a crash which can lead to arbitrary code\nexecution. \nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1581","reference_id":"CVE-2014-1581","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1581"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-79","reference_id":"mfsa2014-79","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-79"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4055?format=json","purl":"pkg:deb/debian/iceweasel@31.6.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-2u3s-8pqy-27gd"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-g4jc-hh17-wbex"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gj9v-hz2y-j3h2"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-nzaw-bp6y-qkbq"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-sm73-ujuw-z7cy"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yff7-y65u-2fbt"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.6.0esr-1"}],"aliases":["CVE-2014-1581"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8gjw-35z7-wyeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2712?format=json","vulnerability_id":"VCID-a23f-4jqj-nfag","summary":"Security researcher Joe Vennix from Rapid7 reported that passing a JavaScript object to XMLHttpRequest that mimics an input stream will a crash. This crash is not exploitable and can only be used for denial of service attacks.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1590","reference_id":"CVE-2014-1590","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1590"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-85","reference_id":"mfsa2014-85","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-85"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4055?format=json","purl":"pkg:deb/debian/iceweasel@31.6.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-2u3s-8pqy-27gd"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-g4jc-hh17-wbex"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gj9v-hz2y-j3h2"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-nzaw-bp6y-qkbq"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-sm73-ujuw-z7cy"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yff7-y65u-2fbt"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.6.0esr-1"}],"aliases":["CVE-2014-1590"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a23f-4jqj-nfag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2735?format=json","vulnerability_id":"VCID-ak47-7gf3-akgp","summary":"Mozilla developers Eric Shepherd and Jan-Ivar\nBruaroey reported issues with privacy and video sharing using WebRTC.\nOnce video sharing has started within a WebRTC session running within an\n<iframe>, video will continue to be shared even if the user\nselects the &quote;Stop Sharing\" button in the controls. The camera will\nalso remain on even if the user navigates to another site and will begin\nstreaming again if the user returns to the original site. This is a privacy\nproblem and can lead to inadvertent video streaming. This does not affect\nimplementations that are not within an <iframe>.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1586","reference_id":"CVE-2014-1586","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1586"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-81","reference_id":"mfsa2014-81","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-81"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4055?format=json","purl":"pkg:deb/debian/iceweasel@31.6.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-2u3s-8pqy-27gd"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-g4jc-hh17-wbex"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gj9v-hz2y-j3h2"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-nzaw-bp6y-qkbq"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-sm73-ujuw-z7cy"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yff7-y65u-2fbt"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.6.0esr-1"}],"aliases":["CVE-2014-1586"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ak47-7gf3-akgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2969?format=json","vulnerability_id":"VCID-b9t4-78nq-jyeh","summary":"Security researcher Paul Bandha used the used the Address\nSanitizer tool to discover a use-after-free vulnerability when running specific\nweb content with IndexedDB to create an index. This leads to a\npotentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0831","reference_id":"CVE-2015-0831","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0831"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-16","reference_id":"mfsa2015-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-16"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4055?format=json","purl":"pkg:deb/debian/iceweasel@31.6.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-2u3s-8pqy-27gd"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-g4jc-hh17-wbex"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gj9v-hz2y-j3h2"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-nzaw-bp6y-qkbq"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-sm73-ujuw-z7cy"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yff7-y65u-2fbt"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.6.0esr-1"}],"aliases":["CVE-2015-0831"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b9t4-78nq-jyeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2766?format=json","vulnerability_id":"VCID-c9de-9rrf-u7dk","summary":"Mozilla developer Boris Zbarsky reported that a malicious app could use the AlarmAPI to read the values of cross-origin references, such as an iframe's location object, as part of an alarm's JSON data. This allows a malicious app to bypass same-origin policy.\nUsers are only at risk for this issue if a web app has been installed.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1583","reference_id":"CVE-2014-1583","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1583"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-82","reference_id":"mfsa2014-82","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-82"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4055?format=json","purl":"pkg:deb/debian/iceweasel@31.6.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-2u3s-8pqy-27gd"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-g4jc-hh17-wbex"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gj9v-hz2y-j3h2"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-nzaw-bp6y-qkbq"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-sm73-ujuw-z7cy"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yff7-y65u-2fbt"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.6.0esr-1"}],"aliases":["CVE-2014-1583"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c9de-9rrf-u7dk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3040?format=json","vulnerability_id":"VCID-fk4s-hdw3-bbhp","summary":"Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0836","reference_id":"CVE-2015-0836","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0836"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-11","reference_id":"mfsa2015-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4055?format=json","purl":"pkg:deb/debian/iceweasel@31.6.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-2u3s-8pqy-27gd"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-g4jc-hh17-wbex"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gj9v-hz2y-j3h2"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-nzaw-bp6y-qkbq"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-sm73-ujuw-z7cy"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yff7-y65u-2fbt"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.6.0esr-1"}],"aliases":["CVE-2015-0836"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fk4s-hdw3-bbhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3033?format=json","vulnerability_id":"VCID-fq2a-sv58-8ycr","summary":"Security researcher Armin Ebert reported that a user\nreadable file in a known local path could be uploaded to a malicious site. This\nwas done by manipulating the autocomplete feature in a form and user interaction\nwith it. While the local file is not visibly uploaded through the form, its\ncontents are made available through the Document Object Model (DOM) to script\ncontent on the attacking page, leading to information disclosure.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0822","reference_id":"CVE-2015-0822","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0822"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-24","reference_id":"mfsa2015-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-24"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4055?format=json","purl":"pkg:deb/debian/iceweasel@31.6.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-2u3s-8pqy-27gd"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-g4jc-hh17-wbex"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gj9v-hz2y-j3h2"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-nzaw-bp6y-qkbq"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-sm73-ujuw-z7cy"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yff7-y65u-2fbt"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.6.0esr-1"}],"aliases":["CVE-2015-0822"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fq2a-sv58-8ycr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3019?format=json","vulnerability_id":"VCID-ggsp-g32j-7fdv","summary":"Security researcher Mariusz Mlynski reported, through HP\nZero Day Initiative's Pwn2Own contest, a method to run arbitrary scripts in a\nprivileged context. This bypassed the same-origin policy protections by using a\nflaw in the processing of SVG format content navigation.\nAn incomplete version of this fix was shipped in Firefox 36.0.3\nand Firefox ESR 31.5.2.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0818","reference_id":"CVE-2015-0818","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0818"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-28","reference_id":"mfsa2015-28","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4055?format=json","purl":"pkg:deb/debian/iceweasel@31.6.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-2u3s-8pqy-27gd"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-g4jc-hh17-wbex"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gj9v-hz2y-j3h2"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-nzaw-bp6y-qkbq"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-sm73-ujuw-z7cy"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yff7-y65u-2fbt"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.6.0esr-1"}],"aliases":["CVE-2015-0818"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ggsp-g32j-7fdv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2792?format=json","vulnerability_id":"VCID-gvw5-1hst-73cr","summary":"Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1587","reference_id":"CVE-2014-1587","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1587"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-83","reference_id":"mfsa2014-83","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-83"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4055?format=json","purl":"pkg:deb/debian/iceweasel@31.6.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-2u3s-8pqy-27gd"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-g4jc-hh17-wbex"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gj9v-hz2y-j3h2"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-nzaw-bp6y-qkbq"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-sm73-ujuw-z7cy"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yff7-y65u-2fbt"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.6.0esr-1"}],"aliases":["CVE-2014-1587"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gvw5-1hst-73cr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2745?format=json","vulnerability_id":"VCID-hs2d-ep9s-27b8","summary":"Security researchers Byoungyoung Lee, Chengyu Song, and Taesoo\nKim at the Georgia Tech Information Security Center (GTISC) reported a\nbad casting from the BasicThebesLayer to\nBasicContainerLayer, resulting in undefined behavior. This behavior\nis potentially exploitable with some compilers but no clear mechanism to trigger\nit through web content was identified.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1594","reference_id":"CVE-2014-1594","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1594"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-89","reference_id":"mfsa2014-89","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-89"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4055?format=json","purl":"pkg:deb/debian/iceweasel@31.6.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-2u3s-8pqy-27gd"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-g4jc-hh17-wbex"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gj9v-hz2y-j3h2"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-nzaw-bp6y-qkbq"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-sm73-ujuw-z7cy"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yff7-y65u-2fbt"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.6.0esr-1"}],"aliases":["CVE-2014-1594"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hs2d-ep9s-27b8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2692?format=json","vulnerability_id":"VCID-j7uq-j289-zyff","summary":"Using the Address Sanitizer tool, security researcher Abhishek\nArya (Inferno) of the Google Chrome Security Team found an\nout-of-bounds write when buffering WebM format video containing frames with\ninvalid tile sizes. This can lead to a potentially exploitable crash during WebM\nvideo playback.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1578","reference_id":"CVE-2014-1578","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1578"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-77","reference_id":"mfsa2014-77","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-77"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4055?format=json","purl":"pkg:deb/debian/iceweasel@31.6.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-2u3s-8pqy-27gd"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-g4jc-hh17-wbex"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gj9v-hz2y-j3h2"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-nzaw-bp6y-qkbq"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-sm73-ujuw-z7cy"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yff7-y65u-2fbt"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.6.0esr-1"}],"aliases":["CVE-2014-1578"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j7uq-j289-zyff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2963?format=json","vulnerability_id":"VCID-n7m2-cbnx-bygy","summary":"Mozilla developer Olli Pettay reported that while\ninvestigating Mozilla\nFoundation Security Advisory 2015-28, he and Mozilla developer Boris\nZbarsky found an alternate way to trigger a similar vulnerability. The\npreviously reported flaw used an issue with SVG content navigation to bypass\nsame-origin policy protections to run scripts in a privileged context. This\nnewer variant found that the same flaw could be used during anchor navigation of\na page, allowing bypassing of same-origin policy protections. \nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0801","reference_id":"CVE-2015-0801","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0801"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-40","reference_id":"mfsa2015-40","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-40"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4055?format=json","purl":"pkg:deb/debian/iceweasel@31.6.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-2u3s-8pqy-27gd"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-g4jc-hh17-wbex"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gj9v-hz2y-j3h2"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-nzaw-bp6y-qkbq"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-sm73-ujuw-z7cy"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yff7-y65u-2fbt"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.6.0esr-1"}],"aliases":["CVE-2015-0801"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n7m2-cbnx-bygy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2953?format=json","vulnerability_id":"VCID-nj18-p9nk-9ffg","summary":"Security researcher Mariusz Mlynski reported, through HP\nZero Day Initiative's Pwn2Own contest, that documents loaded though a\nresource: URL, such as Mozilla's PDF.js PDF file\nviewer, were able to subsequently load privileged chrome pages. The privilege\nrestrictions on resource: URLs was handled incorrectly and these\nrestrictions could be bypassed if this flaw was combined with a separate\nvulnerability allowing for same-origin policy violation, it could be used to run\narbitrary code.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0816","reference_id":"CVE-2015-0816","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0816"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-33","reference_id":"mfsa2015-33","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-33"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4055?format=json","purl":"pkg:deb/debian/iceweasel@31.6.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-2u3s-8pqy-27gd"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-g4jc-hh17-wbex"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gj9v-hz2y-j3h2"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-nzaw-bp6y-qkbq"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-sm73-ujuw-z7cy"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yff7-y65u-2fbt"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.6.0esr-1"}],"aliases":["CVE-2015-0816"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nj18-p9nk-9ffg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3047?format=json","vulnerability_id":"VCID-q89v-v5au-w7a1","summary":"Security researcher ilxu1a reported, through HP Zero Day\nInitiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array\nbounds checking in JavaScript just-in-time compilation (JIT) and its management\nof bounds checking for heap access. This flaw can be leveraged into the reading\nand writing of memory allowing for arbitrary code execution on the local system.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817","reference_id":"CVE-2015-0817","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-29","reference_id":"mfsa2015-29","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4055?format=json","purl":"pkg:deb/debian/iceweasel@31.6.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-2u3s-8pqy-27gd"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-g4jc-hh17-wbex"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gj9v-hz2y-j3h2"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-nzaw-bp6y-qkbq"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-sm73-ujuw-z7cy"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yff7-y65u-2fbt"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.6.0esr-1"}],"aliases":["CVE-2015-0817"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q89v-v5au-w7a1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2974?format=json","vulnerability_id":"VCID-r59n-k84q-ebab","summary":"Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0815","reference_id":"CVE-2015-0815","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0815"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-30","reference_id":"mfsa2015-30","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-30"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4055?format=json","purl":"pkg:deb/debian/iceweasel@31.6.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-2u3s-8pqy-27gd"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-g4jc-hh17-wbex"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gj9v-hz2y-j3h2"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-nzaw-bp6y-qkbq"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-sm73-ujuw-z7cy"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yff7-y65u-2fbt"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.6.0esr-1"}],"aliases":["CVE-2015-0815"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r59n-k84q-ebab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2703?format=json","vulnerability_id":"VCID-rd9r-695j-duff","summary":"Security researcher Holger Fuhrmannek used the used the\nAddress Sanitizer tool to discover an out-of-bounds read issue with Web Audio\nwhen interacting with custom waveforms with invalid values. This results in a\ncrash and could allow for the reading of random memory which may contain\nsensitive data, or of memory addresses that could be used in combination with\nanother bug.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1577","reference_id":"CVE-2014-1577","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1577"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-76","reference_id":"mfsa2014-76","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-76"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4055?format=json","purl":"pkg:deb/debian/iceweasel@31.6.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-2u3s-8pqy-27gd"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-g4jc-hh17-wbex"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gj9v-hz2y-j3h2"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-nzaw-bp6y-qkbq"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-sm73-ujuw-z7cy"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yff7-y65u-2fbt"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.6.0esr-1"}],"aliases":["CVE-2014-1577"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rd9r-695j-duff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2734?format=json","vulnerability_id":"VCID-rtvj-tgwt-17d2","summary":"Mozilla developers Eric Shepherd and Jan-Ivar\nBruaroey reported issues with privacy and video sharing using WebRTC.\nOnce video sharing has started within a WebRTC session running within an\n<iframe>, video will continue to be shared even if the user\nselects the &quote;Stop Sharing\" button in the controls. The camera will\nalso remain on even if the user navigates to another site and will begin\nstreaming again if the user returns to the original site. This is a privacy\nproblem and can lead to inadvertent video streaming. This does not affect\nimplementations that are not within an <iframe>.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1585","reference_id":"CVE-2014-1585","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1585"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-81","reference_id":"mfsa2014-81","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-81"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4055?format=json","purl":"pkg:deb/debian/iceweasel@31.6.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-2u3s-8pqy-27gd"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-g4jc-hh17-wbex"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gj9v-hz2y-j3h2"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-nzaw-bp6y-qkbq"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-sm73-ujuw-z7cy"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yff7-y65u-2fbt"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.6.0esr-1"}],"aliases":["CVE-2014-1585"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rtvj-tgwt-17d2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3078?format=json","vulnerability_id":"VCID-svaq-kp6k-r7hx","summary":"Mozilla developer Christoph Kerschbaumer discovered an issue\nwhile investigating Mozilla\nFoundation Security Advisory 2015-03, previously reported by security\nresearcher Muneaki Nishimura. This flaw was that a cross-origin\nresource sharing (CORS) request should not follow 30x redirections after\npreflight according to the specification. This only affects\nsendBeacon() requests but could allow for a potential Cross-site\nrequest forgery (XSRF) attack from malicious websites. \nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0807","reference_id":"CVE-2015-0807","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0807"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-37","reference_id":"mfsa2015-37","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4055?format=json","purl":"pkg:deb/debian/iceweasel@31.6.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-2u3s-8pqy-27gd"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-g4jc-hh17-wbex"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gj9v-hz2y-j3h2"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-nzaw-bp6y-qkbq"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-sm73-ujuw-z7cy"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yff7-y65u-2fbt"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.6.0esr-1"}],"aliases":["CVE-2015-0807"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-svaq-kp6k-r7hx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3000?format=json","vulnerability_id":"VCID-tb5c-absx-ckbz","summary":"Security researcher Aki Helin reported a use-after-free when\nplaying certain MP3 format audio files on the web using the Fluendo MP3 plugin\nfor GStreamer on Linux. This is due to a flaw in handling certain MP3 files by\nthe plugin and its interaction with Mozilla code. This can lead to a potentially\nexploitable crash.\nThis flaw only affects Linux installations. Windows and OS X\nusers are unaffected by it.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0813","reference_id":"CVE-2015-0813","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0813"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-31","reference_id":"mfsa2015-31","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-31"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4055?format=json","purl":"pkg:deb/debian/iceweasel@31.6.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-2u3s-8pqy-27gd"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-g4jc-hh17-wbex"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gj9v-hz2y-j3h2"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-nzaw-bp6y-qkbq"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-sm73-ujuw-z7cy"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yff7-y65u-2fbt"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.6.0esr-1"}],"aliases":["CVE-2015-0813"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tb5c-absx-ckbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2769?format=json","vulnerability_id":"VCID-vutj-rajw-bueb","summary":"Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team used the Address Sanitizer tool to discover a buffer\noverflow during the parsing of media content. This leads to a potentially\nexploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1593","reference_id":"CVE-2014-1593","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1593"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-88","reference_id":"mfsa2014-88","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-88"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4055?format=json","purl":"pkg:deb/debian/iceweasel@31.6.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-2u3s-8pqy-27gd"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-g4jc-hh17-wbex"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gj9v-hz2y-j3h2"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-nzaw-bp6y-qkbq"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-sm73-ujuw-z7cy"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yff7-y65u-2fbt"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.6.0esr-1"}],"aliases":["CVE-2014-1593"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vutj-rajw-bueb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3087?format=json","vulnerability_id":"VCID-wqxh-2v78-nkca","summary":"Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team used the Address Sanitizer tool to report an out-of-bounds\nread and an out-of-bounds write when rendering an improperly formatted SVG\ngraphic. This could potentially allow the attacker to read uninitialized memory.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0827","reference_id":"CVE-2015-0827","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0827"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-19","reference_id":"mfsa2015-19","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-19"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4055?format=json","purl":"pkg:deb/debian/iceweasel@31.6.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-2u3s-8pqy-27gd"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-g4jc-hh17-wbex"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gj9v-hz2y-j3h2"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-nzaw-bp6y-qkbq"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-sm73-ujuw-z7cy"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yff7-y65u-2fbt"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.6.0esr-1"}],"aliases":["CVE-2015-0827"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wqxh-2v78-nkca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2760?format=json","vulnerability_id":"VCID-xw7d-ecvh-1ff8","summary":"Mozilla developers and community identified and fixed several\nmemory safety bugs in the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1574","reference_id":"CVE-2014-1574","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1574"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-74","reference_id":"mfsa2014-74","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-74"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4055?format=json","purl":"pkg:deb/debian/iceweasel@31.6.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-2u3s-8pqy-27gd"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-g4jc-hh17-wbex"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gj9v-hz2y-j3h2"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-nzaw-bp6y-qkbq"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-sm73-ujuw-z7cy"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yff7-y65u-2fbt"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.6.0esr-1"}],"aliases":["CVE-2014-1574"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xw7d-ecvh-1ff8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3032?format=json","vulnerability_id":"VCID-zuyy-jyqt-tbgg","summary":"Security researcher Muneaki Nishimura reported that\nnavigator.sendBeacon() does not follow the cross-origin resource\nsharing (CORS) specification. This results in the request from\nsendBeacon() lacking an origin header in violation of\nthe W3C Beacon specification and not\nbeing treated as a CORS request. This allows for a potential Cross-site request\nforgery (XSRF) attack from malicious websites.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8638","reference_id":"CVE-2014-8638","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8638"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-03","reference_id":"mfsa2015-03","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4055?format=json","purl":"pkg:deb/debian/iceweasel@31.6.0esr-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-2u3s-8pqy-27gd"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-g4jc-hh17-wbex"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gj9v-hz2y-j3h2"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-nzaw-bp6y-qkbq"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-sm73-ujuw-z7cy"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-yff7-y65u-2fbt"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.6.0esr-1"}],"aliases":["CVE-2014-8638"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zuyy-jyqt-tbgg"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.6.0esr-1"}