{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","type":"deb","namespace":"debian","name":"iceweasel","version":"38.8.0esr-1~deb7u1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1887?format=json","vulnerability_id":"VCID-27t5-214b-33g2","summary":"Using Address Sanitizer, security researcher Sascha Just reported a\nbuffer overflow in the libstagefright library due to issues with the handling of CENC\noffsets and the sizes table. This results in a potentially exploitable crash triggerable\nthrough web content.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2814.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2814.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2814","reference_id":"","reference_type":"","scores":[{"value":"0.02136","scoring_system":"epss","scoring_elements":"0.84512","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2814"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330280","reference_id":"1330280","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330280"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2814","reference_id":"CVE-2016-2814","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2814"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-44","reference_id":"mfsa2016-44","reference_type":
"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-44"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0695","reference_id":"RHSA-2016:0695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0695"}],"fixed_packages":[],"aliases":["CVE-2016-2814"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-27t5-214b-33g2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1965?format=json","vulnerability_id":"VCID-7hry-whqg-97gm","summary":"Mozilla developers fixed several memory safety bugs in the browser engine used in\nFirefox and other Mozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with enough effort at least\nsome of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2807.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2807.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2807","reference_id":"","reference_type":"","scores":[{"value":"0.01777","scoring_system":"epss","scoring_elements":"0.83029","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2807"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330271","reference_id":"1330271","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330271"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2807","reference_id":"CVE-2016-2807","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2807"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","refere
nce_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-39","reference_id":"mfsa2016-39","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-39"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0695","reference_id":"RHSA-2016:0695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0695"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1041","reference_id":"RHSA-2016:1041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1041"}],"fixed_packages":[],"aliases":["CVE-2016-2807"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7hry-whqg-97gm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1968?format=json","vulnerability_id":"VCID-egv5-6c33-tfb9","summary":"Mozilla developers fixed several memory safety bugs in the browser engine used in\nFirefox and other Mozilla-based products. 
Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with enough effort at least\nsome of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2805.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2805.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2805","reference_id":"","reference_type":"","scores":[{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.7637","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2805"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330266","reference_id":"1330266","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330266"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2805","reference_id":"CVE-2016-2805","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2805"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-39","reference_id":"mfsa2016-39","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-39"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0695","reference_id":"RHSA-2016:0695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0695"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1041","reference_id":"RHSA-2016:1041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1041"}],"fixed_packages":[],"aliases":
["CVE-2016-2805"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-egv5-6c33-tfb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1971?format=json","vulnerability_id":"VCID-nmg1-t9x3-8kgb","summary":"The CESG, the Information Security Arm of GCHQ, reported that the\nJavaScript .watch() method could be used to overflow the 32-bit generation\ncount of the underlying HashMap, resulting in a write to an invalid entry. Under the right\nconditions this write could lead to arbitrary code execution. The overflow takes\nconsiderable time and a malicious page would require a user to keep it open for the\nduration of the attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2808.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2808.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2808","reference_id":"","reference_type":"","scores":[{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71991","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2808"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330286","reference_id":"1330286","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330286"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2808","reference_id":"CVE-2016-2808","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2808"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-47","reference_id":"mfsa2016-47","reference_type":"","scores":[{"value":"high","sc
oring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0695","reference_id":"RHSA-2016:0695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0695"}],"fixed_packages":[],"aliases":["CVE-2016-2808"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nmg1-t9x3-8kgb"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3029?format=json","vulnerability_id":"VCID-1322-2jgj-2kh2","summary":"Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a risk in\nbrowser or browser-like 
contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2724.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2724.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2724","reference_id":"","reference_type":"","scores":[{"value":"0.00912","scoring_system":"epss","scoring_elements":"0.76241","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2724"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1236947","reference_id":"1236947","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1236947"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2724","reference_id":"CVE-2015-2724","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2724"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-59","reference_id":"mfsa2015-59","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-59"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1207","reference_id":"RHSA-2015:1207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1455","reference_id":"RHSA-2015:1455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1455"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?format=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability
":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability
":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-hqnu-aq9h-gkb4"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json
","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-2724"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1322-2jgj-2kh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1935?format=json","vulnerability_id":"VCID-1bx2-4ka7-w3cr","summary":"The CESG, the Information Security Arm of GCHQ, reported a dangling\npointer dereference within the Netscape Plugin Application Programming Interface (NPAPI)\nthat could lead to the NPAPI subsystem crashing. This issue requires a maliciously crafted\nNPAPI plugin in concert with scripted web content, resulting in a potentially exploitable\ncrash when triggered.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like 
contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1966.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1966.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1966","reference_id":"","reference_type":"","scores":[{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74356","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1966"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315778","reference_id":"1315778","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315778"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966","reference_id":"CVE-2016-1966","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-31","reference_id":"mfsa2016-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-31"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"V
CID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1966"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1bx2-4ka7-w3cr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1887?format=json","vulnerability_id":"VCID-27t5-214b-33g2","summary":"Using Address Sanitizer, security researcher Sascha Just reported a\nbuffer overflow in the libstagefright library due to issues with the handling of CENC\noffsets and the sizes table. This results in a potentially exploitable crash triggerable\nthrough web content.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2814.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2814.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2814","reference_id":"","reference_type":"","scores":[{"value":"0.02136","scoring_system":"epss","scoring_elements":"0.84512","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2814"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330280","reference_id":"1330280","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330280"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2814","reference_id":"CVE-2016-2814","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2814"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advi
sories/mfsa2016-44","reference_id":"mfsa2016-44","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-44"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0695","reference_id":"RHSA-2016:0695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0695"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2814"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-27t5-214b-33g2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2938?format=json","vulnerability_id":"VCID-2p4t-fga2-sqfa","summary":"Security researcher Ronald Crane reported eight\nvulnerabilities affecting released code that were found through code inspection. These\nincluded several potential memory safety issues resulting from the use of\nsnprintf, one use of unowned memory, one use of a string without overflow\nchecks, and five memory safety bugs. 
These do not all have clear mechanisms to be\nexploited through web content but are vulnerable if a mechanism can be found to trigger\nthem.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7174.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7174.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7174","reference_id":"","reference_type":"","scores":[{"value":"0.03205","scoring_system":"epss","scoring_elements":"0.87248","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7174"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265784","reference_id":"1265784","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7174","reference_id":"CVE-2015-7174","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7174"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112","reference_id":"mfsa2015-112","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1834","reference_id":"RHSA-2015:1834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1834"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1852","reference_id":"RHSA-2015:1852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1852"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?fo
rmat=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7174"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2p4t-fga2-sqfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1891?format=json","vulnerability_id":"VCID-2pb1-uy1v-vuf1","summary":"Mozilla developers fixed several memory safety bugs in the browser engine used in\nFirefox and other Mozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with enough effort at least\nsome of these could be exploited to run arbitrary 
code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1952.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1952.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1952","reference_id":"","reference_type":"","scores":[{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55408","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1952"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315566","reference_id":"1315566","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315566"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952","reference_id":"CVE-2016-1952","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-16","reference_id":"mfsa2016-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-16"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"V
CID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1952"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2pb1-uy1v-vuf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2943?format=json","vulnerability_id":"VCID-2r71-u8q9-t7fw","summary":"Security researcher Herre reported a use-after-free\nvulnerability when a Content Policy modifies the Document Object Model to\nremove a DOM object, which is then used afterwards due to an error in microtask\nimplementation. This leads to an exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2731.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2731.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2731","reference_id":"","reference_type":"","scores":[{"value":"0.00945","scoring_system":"epss","scoring_elements":"0.76664","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2731"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1236953","reference_id":"1236953","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1236953"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2731","reference_id":"CVE-2015-2731","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2731"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","ref
erence_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-63","reference_id":"mfsa2015-63","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-63"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1207","reference_id":"RHSA-2015:1207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1455","reference_id":"RHSA-2015:1455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1455"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?format=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hc
m-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-hqnu-aq9h-gkb4"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42
a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-2731"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2r71-u8q9-t7fw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2911?format=json","vulnerability_id":"VCID-2sem-6a6r-suem","summary":"Mozilla engineers Tyson Smith and David Keeler\nreported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security\nServices (NSS). These issues were in octet string parsing and were found through fuzzing\nand code inspection. 
If these issues were triggered, they would lead to a potentially\nexploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in\nFirefox and Firefox ESR, respectively, as well as NSS 3.20.1. Google security engineer Ryan Sleevi reported an integer overflow in\nthe Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation.\nThis leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7183.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7183.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7183","reference_id":"","reference_type":"","scores":[{"value":"0.04702","scoring_system":"epss","scoring_elements":"0.89546","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7183"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1269353","reference_id":"1269353","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1269353"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183","reference_id":"CVE-2015-7183","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133","reference_id":"mfsa2015-133","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","sc
oring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1980","reference_id":"RHSA-2015:1980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1981","reference_id":"RHSA-2015:1981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2068","reference_id":"RHSA-2015:2068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2068"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7183"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2sem-6a6r-suem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2913?format=json","vulnerability_id":"VCID-35ek-28ks-vqdf","summary":"Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. 
These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2734.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2734.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2734","reference_id":"","reference_type":"","scores":[{"value":"0.01252","scoring_system":"epss","scoring_elements":"0.79674","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2734"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1236956","reference_id":"1236956","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1236956"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2734","reference_id":"CVE-2015-2734","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2734"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66","reference_id":"mfsa2015-66","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1207","reference_id":"RHSA-2015:1207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1455","reference_id":"RHSA-2015:1455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1455"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?fo
rmat=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vu
lnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-hqnu-aq9h-gkb4"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerableco
de.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-2734"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-35ek-28ks-vqdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1905?format=json","vulnerability_id":"VCID-3uny-z4bs-9bfk","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. 
\n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2791.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2791.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2791","reference_id":"","reference_type":"","scores":[{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68793","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2791"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795","reference_id":"1315795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791","reference_id":"CVE-2016-2791","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-63","reference_id":"GLSA-201701-63","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-63"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","refe
rence_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2791"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3uny-z4bs-9bfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1903?format=json","vulnerability_id":"VCID-4hgx-k5jn-ckeu","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. 
\n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1977.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1977.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1977","reference_id":"","reference_type":"","scores":[{"value":"0.00701","scoring_system":"epss","scoring_elements":"0.72412","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1977"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795","reference_id":"1315795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977","reference_id":"CVE-2016-1977","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-63","reference_id":"GLSA-201701-63","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-63"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","refe
rence_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1977"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4hgx-k5jn-ckeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1907?format=json","vulnerability_id":"VCID-4r11-gv5n-rbhb","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. 
\n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2793.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2793.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2793","reference_id":"","reference_type":"","scores":[{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68711","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2793"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795","reference_id":"1315795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793","reference_id":"CVE-2016-2793","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-63","reference_id":"GLSA-201701-63","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-63"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","refe
rence_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2793"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4r11-gv5n-rbhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3092?format=json","vulnerability_id":"VCID-59jz-5qv2-5yb1","summary":"Security researcher André Bargull reported non-configurable\nproperties on JavaScript objects can be redefined while parsing JSON in\nviolation of the ECMAScript 6 standard. 
This allows malicious web content to\nbypass same-origin policy by editing these properties to arbitrary values.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4478.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4478.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4478","reference_id":"","reference_type":"","scores":[{"value":"0.00556","scoring_system":"epss","scoring_elements":"0.6851","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4478"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252282","reference_id":"1252282","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252282"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4478","reference_id":"CVE-2015-4478","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4478"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-82","reference_id":"mfsa2015-82","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-82"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1586","reference_id":"RHSA-2015:1586","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1586"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-eg
v5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4478"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-59jz-5qv2-5yb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2995?format=json","vulnerability_id":"VCID-63se-aey7-4kdh","summary":"Mozilla developer Ehsan Akhgari reported two issues with Cross-origin\nresource sharing (CORS) \"preflight\" requests. The first issue is that in some circumstances the same cache key can be generated for\ntwo preflight requests on a site. As a result, if a second request is made that will match\nthe cached key generated by an earlier request, CORS checks will be bypassed because the\nsystem will see the previously cached request as applicable. In the second issue, when some Access-Control- headers are missing from\nCORS responses, the values from different Access-Control- headers can be used\nthat are present in the same response. 
In general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4520.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4520.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4520","reference_id":"","reference_type":"","scores":[{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69607","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4520"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265781","reference_id":"1265781","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265781"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4520","reference_id":"CVE-2015-4520","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4520"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-111","reference_id":"mfsa2015-111","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-111"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1834","reference_id":"RHSA-2015:1834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1834"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1852","reference_id":"RHSA-2015:1852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1852"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t
5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4520"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-63se-aey7-4kdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2915?format=json","vulnerability_id":"VCID-644p-f2nh-e7ah","summary":"Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2736.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2736.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2736","reference_id":"","reference_type":"","scores":[{"value":"0.01601","scoring_system":"epss","scoring_elements":"0.82035","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2736"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1236956","reference_id":"1236956","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1236956"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2736","reference_id":"CVE-2015-2736","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2736"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","referen
ce_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66","reference_id":"mfsa2015-66","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1207","reference_id":"RHSA-2015:1207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1455","reference_id":"RHSA-2015:1455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1455"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?format=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8
uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-hqnu-aq9h-gkb4"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-96
5d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-2736"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-644p-f2nh-e7ah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2988?format=json","vulnerability_id":"VCID-6q33-akyf-v7cw","summary":"Mozilla developer Ehsan Akhgari reported a mechanism through which a\nweb worker could be used\nto bypass secure requirements for WebSockets when workers are used to create WebSockets.\nThis allows for the bypassing of mixed content WebSocket policy.\nIn general this flaw cannot be exploited through email in the\nThunderbird 
product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7197.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7197.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7197","reference_id":"","reference_type":"","scores":[{"value":"0.01832","scoring_system":"epss","scoring_elements":"0.83262","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7197"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277351","reference_id":"1277351","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7197","reference_id":"CVE-2015-7197","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7197"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-132","reference_id":"mfsa2015-132","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1982","reference_id":"RHSA-2015:1982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2519","reference_id":"RHSA-2015:2519","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2519"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/icewe
asel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7197"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6q33-akyf-v7cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2928?format=json","vulnerability_id":"VCID-6x8h-7v19-x7d2","summary":"Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team used the Address Sanitizer tool to discover an integer overflow\nwhen allocating textures of extremely large sizes during graphics operations. This\nresults in a potentially exploitable crash when triggered.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like 
contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7212.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7212.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7212","reference_id":"","reference_type":"","scores":[{"value":"0.02306","scoring_system":"epss","scoring_elements":"0.85046","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7212"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1291587","reference_id":"1291587","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1291587"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7212","reference_id":"CVE-2015-7212","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7212"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-139","reference_id":"mfsa2015-139","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-139"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2657","reference_id":"RHSA-2015:2657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0001","reference_id":"RHSA-2016:0001","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0001"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability"
:"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7212"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6x8h-7v19-x7d2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2926?format=json","vulnerability_id":"VCID-79px-mpkc-ybf6","summary":"Mozilla community member Jean-Max Reymond discovered a use-after-free\nvulnerability with a <canvas> element on a page. This occurs when a\nresize event is triggered in concert with style changes but the canvas references have\nbeen recreated in the meantime, destroying the originally referenced context. This results\nin an exploitable crash. Ucha Gobejishvili, working with HP's Zero Day Initiative, subsequently reported this\nsame issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4497.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4497.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4497","reference_id":"","reference_type":"","scores":[{"value":"0.0304","scoring_system":"epss","scoring_elements":"0.86924","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4497"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1257276","reference_id":"1257276","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1257276"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4497","reference_id":"CVE-2015-4497","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4497"},{"reference_url":"https://www.mozilla.org/en-US/security/advis
ories/mfsa2015-94","reference_id":"mfsa2015-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-94"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1693","reference_id":"RHSA-2015:1693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1693"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4497"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-79px-mpkc-ybf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2939?format=json","vulnerability_id":"VCID-7chb-gfkw-kkdc","summary":"Security researcher Ronald Crane reported eight\nvulnerabilities affecting released code that were found through code inspection. These\nincluded several potential memory safety issues resulting from the use of\nsnprintf, one use of unowned memory, one use of a string without overflow\nchecks, and five memory safety bugs. 
These do not all have clear mechanisms to be\nexploited through web content but are vulnerable if a mechanism can be found to trigger\nthem.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7175.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7175.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7175","reference_id":"","reference_type":"","scores":[{"value":"0.03205","scoring_system":"epss","scoring_elements":"0.87248","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7175"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265784","reference_id":"1265784","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7175","reference_id":"CVE-2015-7175","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7175"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112","reference_id":"mfsa2015-112","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1834","reference_id":"RHSA-2015:1834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1834"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1852","reference_id":"RHSA-2015:1852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1852"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?fo
rmat=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7175"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7chb-gfkw-kkdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2931?format=json","vulnerability_id":"VCID-7gkv-pu79-43hx","summary":"Security researcher Matthew Green reported a Diffie–Hellman\n(DHE) key processing issue in Network Security Services (NSS) where a\nman-in-the-middle (MITM) attacker can force a server to downgrade TLS\nconnections to 512-bit export-grade cryptography by modifying client\nrequests to include only export-grade cipher suites. The resulting\nweak key can then be leveraged to impersonate the server. 
This attack\nis detailed in the \"Imperfect Forward\nSecrecy: How Diffie-Hellman Fails in Practice\" paper and is known as the\n\"Logjam Attack.\" This issue was fixed in NSS version 3.19.1 by limiting the lower strength of\nsupported DHE keys to use 1023 bit primes.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4000.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4000.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4000","reference_id":"","reference_type":"","scores":[{"value":"0.92346","scoring_system":"epss","scoring_elements":"0.9974","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4000"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8176","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8176"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477","reference_id"
:"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601","reference_id"
:"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748","reference_id"
:"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1223211","reference_id":"1223211","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1223211"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000","reference_id":"CVE-2015-4000","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://security.gentoo.org/glsa/201603-11","reference_id":"GLSA-201603-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-11"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-70","reference_id":"mfsa2015-70","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-70"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1072","reference_id":"RHSA-2015:1072","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1072"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1185","reference_id":"R
HSA-2015:1185","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1185"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1197","reference_id":"RHSA-2015:1197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1228","reference_id":"RHSA-2015:1228","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1228"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1229","reference_id":"RHSA-2015:1229","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1229"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1230","reference_id":"RHSA-2015:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1241","reference_id":"RHSA-2015:1241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1242","reference_id":"RHSA-2015:1242","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1242"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1243","reference_id":"RHSA-2015:1243","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1243"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1485","reference_id":"RHSA-2015:1485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1486","reference_id":"RHSA-2015:1486","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1486"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1488","reference_id":"RHSA-2015:1488","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1488"},{"reference_url"
:"https://access.redhat.com/errata/RHSA-2015:1526","reference_id":"RHSA-2015:1526","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1526"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1544","reference_id":"RHSA-2015:1544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1604","reference_id":"RHSA-2015:1604","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1604"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2056","reference_id":"RHSA-2016:2056","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2056"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?format=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-
cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-hqnu-aq9h-gkb4"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-
n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4000"],"risk_score":6.6,"exploitability":"2.0","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7gkv-pu79-43hx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1965?format=json","vulnerability_id":"VCID-7hry-whqg-97gm","summary":"Mozilla developers fixed several memory safety bugs in the browser engine used in\nFirefox and other Mozilla-based products. 
Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with enough effort at least\nsome of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2807.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2807.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2807","reference_id":"","reference_type":"","scores":[{"value":"0.01777","scoring_system":"epss","scoring_elements":"0.83029","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2807"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330271","reference_id":"1330271","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330271"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2807","reference_id":"CVE-2016-2807","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2807"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-39","reference_id":"mfsa2016-39","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-39"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0695","reference_id":"RHSA-2016:0695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0695"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1041","reference_id":"RHSA-2016:1041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1041"}],"fixed_packages":[{"url":"htt
p://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2807"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7hry-whqg-97gm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2961?format=json","vulnerability_id":"VCID-81zk-xrsj-cufe","summary":"Security researcher Karthikeyan Bhargavan reported an issue\nin Network Security Services (NSS) where MD5 signatures in the server signature within the\nTLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has\nofficially disallowed accepting MD5 as a hash algorithm in signatures since 2011. This\nissue exposes NSS-based clients such as Firefox to theoretical collision-based forgery\nattacks. 
This issue was fixed in NSS version 3.20.2.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7575.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7575.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7575","reference_id":"","reference_type":"","scores":[{"value":"0.0107","scoring_system":"epss","scoring_elements":"0.78075","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843"},{"reference_url":"https:
//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402"},{"reference_url":"https:
//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1289841","reference_id":"1289841","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1289841"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575","reference_id":"CVE-2015-7575","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201706-18","reference_id":"GLSA-201706-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201706-18"},{"reference_url":"https://security.gentoo.org/glsa/201801-15","reference_id":"GLSA-201801-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201801-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-150","refer
ence_id":"mfsa2015-150","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-150"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0007","reference_id":"RHSA-2016:0007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0008","reference_id":"RHSA-2016:0008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0008"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0012","reference_id":"RHSA-2016:0012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0049","reference_id":"RHSA-2016:0049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0049"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0050","reference_id":"RHSA-2016:0050","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0050"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0053","reference_id":"RHSA-2016:0053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0054","reference_id":"RHSA-2016:0054","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0054"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0055","reference_id":"RHSA-2016:0055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0056","reference_id":"RHSA-2016:0056","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0056"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0098","reference_id":"RHSA-2016:0098","referen
ce_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0099","reference_id":"RHSA-2016:0099","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0099"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0100","reference_id":"RHSA-2016:0100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0101","reference_id":"RHSA-2016:0101","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0101"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1430","reference_id":"RHSA-2016:1430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1430"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7575"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-81zk-xrsj-cufe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1912?format=json","vulnerability_id":"VCID-86p5-m5xh-wba9","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. 
This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2798.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2798.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2798","reference_id":"","reference_type":"","scores":[{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68793","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2798"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795","reference_id":"1315795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798","reference_id":"CVE-2016-2798","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-63","reference_id":"GLSA-201701-63","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-63"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"
},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2798"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-86p5-m5xh-wba9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2955?format=json","vulnerability_id":"VCID-89p2-k3uk-bkhp","summary":"Security researcher Mario Gomes reported that when a previously\nloaded image on a page is dragged and dropped into content after a redirect, the redirected\nURL is available to scripts. This is a violation of the Fetch specification's defined behavior for\n\"Atomic HTTP redirect handling\" which states that redirected URLs are not exposed to any\nAPIs. This can allow for information leakage. 
\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4519.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4519.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4519","reference_id":"","reference_type":"","scores":[{"value":"0.00436","scoring_system":"epss","scoring_elements":"0.63324","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4519"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265778","reference_id":"1265778","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265778"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4519","reference_id":"CVE-2015-4519","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4519"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-110","reference_id":"mfsa2015-110","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-110"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1834","reference_id":"RHSA-2015:1834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1834"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1852","reference_id":"RHSA-2015:1852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1852"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2
7t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4519"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-89p2-k3uk-bkhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2919?format=json","vulnerability_id":"VCID-89x5-7hfe-jbc7","summary":"Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2740.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2740.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2740","reference_id":"","reference_type":"","scores":[{"value":"0.02632","scoring_system":"epss","scoring_elements":"0.85975","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2740"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1236956","reference_id":"1236956","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1236956"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2740","reference_id":"CVE-2015-2740","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2740"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","refe
rence_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66","reference_id":"mfsa2015-66","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1207","reference_id":"RHSA-2015:1207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1455","reference_id":"RHSA-2015:1455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1455"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?format=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm
-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-hqnu-aq9h-gkb4"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a
-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-2740"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-89x5-7hfe-jbc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3093?format=json","vulnerability_id":"VCID-8z2y-h8mf-4fgk","summary":"Mozilla developer Gerald Squelart fixed an integer underflow in the\nlibstagefright library initially reported by Joshua Drake to Google. The issues occurred\nin MP4 format video file while parsing cover metadata, leading  to a buffer overflow. 
This\nresults in a potentially exploitable crash and can be triggered by a malformed MP4\nfile served by web content.\nIn general this flaw cannot be exploited through email in the\nThunderbird product, but is potentially a risk in browser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7222.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7222.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7222","reference_id":"","reference_type":"","scores":[{"value":"0.03351","scoring_system":"epss","scoring_elements":"0.87543","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7222"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1291597","reference_id":"1291597","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1291597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7222","reference_id":"CVE-2015-7222","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7222"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-147","reference_id":"mfsa2015-147","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-147"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2657","reference_id":"RHSA-2015:2657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2657"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1",
"is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7222"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8z2y-h8mf-4fgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1916?format=json","vulnerability_id":"VCID-9hcm-h8uk-xygz","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. 
\n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2802.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2802.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2802","reference_id":"","reference_type":"","scores":[{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68793","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2802"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795","reference_id":"1315795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802","reference_id":"CVE-2016-2802","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-63","reference_id":"GLSA-201701-63","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-63"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","refe
rence_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2802"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9hcm-h8uk-xygz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1959?format=json","vulnerability_id":"VCID-9wc3-cjef-3ucq","summary":"Security researcher Francis Gabriel of Quarkslab reported a heap-based\nbuffer overflow in the way the Network Security Services (NSS) libraries parsed certain\nASN.1 structures. 
An attacker could create a specially-crafted certificate which, when\nparsed by NSS, would cause it to crash or execute arbitrary code with the permissions of\nthe user.\nThis issue has been addressed in the NSS releases shipping on affected Mozilla\nproducts:","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1950.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1950.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1950","reference_id":"","reference_type":"","scores":[{"value":"0.01867","scoring_system":"epss","scoring_elements":"0.83439","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1950"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1310509","reference_id":"1310509","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1310509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950","reference_id":"CVE-2016-1950","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-35","reference_id":"mfsa2016-35","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-35"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0370","reference_id":"RHSA-2016:0370","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0370"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0371","reference_id":"RHSA-2016:0371","reference_type":"","scores":[],"url":"https://ac
cess.redhat.com/errata/RHSA-2016:0371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0495","reference_id":"RHSA-2016:0495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0495"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1950"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9wc3-cjef-3ucq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1904?format=json","vulnerability_id":"VCID-a5ee-c6f4-tufu","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. 
\n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2790.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2790.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2790","reference_id":"","reference_type":"","scores":[{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68793","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2790"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795","reference_id":"1315795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790","reference_id":"CVE-2016-2790","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-63","reference_id":"GLSA-201701-63","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-63"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","refe
rence_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2790"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a5ee-c6f4-tufu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3017?format=json","vulnerability_id":"VCID-a5mh-mmhh-pfg6","summary":"Security researcher Ronald Crane reported three vulnerabilities\naffecting released code that were found through code inspection. These included a\nbuffer overflow in the ANGLE graphics library and two issues of missing status checks in\nSVG rendering and during cryptographic key manipulation. 
These do not all have clear\nmechanisms to be exploited through web content but are vulnerable if a mechanism can be\nfound to trigger them.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7199.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7199.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7199","reference_id":"","reference_type":"","scores":[{"value":"0.0253","scoring_system":"epss","scoring_elements":"0.85712","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7199"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277350","reference_id":"1277350","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7199","reference_id":"CVE-2015-7199","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7199"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-131","reference_id":"mfsa2015-131","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1982","reference_id":"RHSA-2015:1982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2519","reference_id":"RHSA
-2015:2519","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2519"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7199"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a5mh-mmhh-pfg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3023?format=json","vulnerability_id":"VCID-ac68-q866-pugy","summary":"Security researcher Gustavo Grieco reported a buffer underflow in\nlibjar triggered through a maliciously crafted ZIP format file. 
This results\nin a potentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7194.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7194.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7194","reference_id":"","reference_type":"","scores":[{"value":"0.02607","scoring_system":"epss","scoring_elements":"0.85911","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7194"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277347","reference_id":"1277347","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277347"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7194","reference_id":"CVE-2015-7194","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7194"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-128","reference_id":"mfsa2015-128","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1982","reference_id":"RHSA-2015:1982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1982"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vul
nerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7194"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ac68-q866-pugy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3016?format=json","vulnerability_id":"VCID-agrg-fr7r-zyec","summary":"Security researcher Ronald Crane reported three vulnerabilities\naffecting released code that were found through code inspection. These included a\nbuffer overflow in the ANGLE graphics library and two issues of missing status checks in\nSVG rendering and during cryptographic key manipulation. These do not all have clear\nmechanisms to be exploited through web content but are vulnerable if a mechanism can be\nfound to trigger them.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like 
contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7198.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7198.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7198","reference_id":"","reference_type":"","scores":[{"value":"0.03921","scoring_system":"epss","scoring_elements":"0.88516","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7198"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277350","reference_id":"1277350","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7198","reference_id":"CVE-2015-7198","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7198"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-131","reference_id":"mfsa2015-131","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1982","reference_id":"RHSA-2015:1982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2519","reference_id":"RHSA-2015:2519","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2519"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerabil
ity":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7198"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-agrg-fr7r-zyec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2916?format=json","vulnerability_id":"VCID-are2-nwm2-ekfb","summary":"Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2737.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2737.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2737","reference_id":"","reference_type":"","scores":[{"value":"0.01252","scoring_system":"epss","scoring_elements":"0.79674","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2737"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1236956","reference_id":"1236956","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1236956"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2737","reference_id":"CVE-2015-2737","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2737"},{"reference_url":"https://security.gentoo.org/glsa/20151
2-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66","reference_id":"mfsa2015-66","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1207","reference_id":"RHSA-2015:1207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1455","reference_id":"RHSA-2015:1455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1455"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?format=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability"
:"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-hqnu-aq9h-gkb4"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability"
:"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-2737"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-are2-nwm2-ekfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1917?format=json","vulnerability_id":"VCID-b1zu-35mw-jkdg","summary":"Security researchers Jose Martinez and Romina\nSantillan reported a memory leak in the libstagefright library when array\ndestruction occurs during MPEG4 video file processing.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a 
risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1957.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1957.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1957","reference_id":"","reference_type":"","scores":[{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.58084","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1957"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315573","reference_id":"1315573","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957","reference_id":"CVE-2016-1957","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-20","reference_id":"mfsa2016-20","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulne
rabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1957"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b1zu-35mw-jkdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3043?format=json","vulnerability_id":"VCID-b91n-146p-u3a5","summary":"Mozilla community member Vytautas Staraitis reported an issue with the\ninteraction of Java applets and JavaScript. The Java plugin can deallocate a JavaScript\nwrapper when it is still in use, which leads to a JavaScript garbage collection crash.\nThis crash is potentially exploitable.\nThis issue only affects systems where Java is installed and enabled as a\nbrowser plugin. Other systems are unaffected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7196.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7196.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7196","reference_id":"","reference_type":"","scores":[{"value":"0.02443","scoring_system":"epss","scoring_elements":"0.85459","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7196"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277349","reference_id":"1277349","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7196","reference_id":"CVE-2015-7196","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7196"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","re
ference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-130","reference_id":"mfsa2015-130","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1982","reference_id":"RHSA-2015:1982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1982"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7196"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b91n-146p-u3a5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2967?format=json","vulnerability_id":"VCID-bndf-h1gn-dbhg","summary":"Security researcher Looben Yang discovered a use-after-free\nvulnerability when recursively calling .open() on an XMLHttpRequest\nin a 
SharedWorker.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4492.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4492.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4492","reference_id":"","reference_type":"","scores":[{"value":"0.01947","scoring_system":"epss","scoring_elements":"0.83784","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4492"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252295","reference_id":"1252295","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252295"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4492","reference_id":"CVE-2015-4492","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4492"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-92","reference_id":"mfsa2015-92","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-92"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1586","reference_id":"RHSA-2015:1586","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1586"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablec
ode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4492"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bndf-h1gn-dbhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2971?format=json","vulnerability_id":"VCID-cf7n-mn5h-yyaq","summary":"Using the Address Sanitizer tool, security researcher Atte\nKettunen discovered a buffer overflow in the nestegg library when decoding a WebM\nformat video with maliciously formatted headers. This leads to a potentially exploitable\ncrash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4511.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4511.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4511","reference_id":"","reference_type":"","scores":[{"value":"0.0396","scoring_system":"epss","scoring_elements":"0.88573","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4511"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265630","reference_id":"1265630","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265630"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4511","reference_id":"CVE-2015-4511","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4511"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-105","reference_id":"mfsa2015-105","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisorie
s/mfsa2015-105"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1834","reference_id":"RHSA-2015:1834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1834"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4511"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cf7n-mn5h-yyaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2910?format=json","vulnerability_id":"VCID-cjnx-d8j7-zqg3","summary":"Mozilla engineers Tyson Smith and David Keeler\nreported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security\nServices (NSS). These issues were in octet string parsing and were found through fuzzing\nand code inspection. If these issues were triggered, they would lead to a potentially\nexploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in\nFirefox and Firefox ESR, respectively, as well as NSS 3.20.1. Google security engineer Ryan Sleevi reported an integer overflow in\nthe Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation.\nThis leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. 
The NSPR library is a required component of NSS.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7182.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7182.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7182","reference_id":"","reference_type":"","scores":[{"value":"0.11044","scoring_system":"epss","scoring_elements":"0.93581","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7182"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1269351","reference_id":"1269351","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1269351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182","reference_id":"CVE-2015-7182","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133","reference_id":"mfsa2015-133","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1980","reference_id":"RHSA-2015:1980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1981","reference_id":"RHSA-2015:1981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-201
5:1981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2068","reference_id":"RHSA-2015:2068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2068"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7182"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cjnx-d8j7-zqg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1973?format=json","vulnerability_id":"VCID-cr9v-b95v-eyha","summary":"Security researcher Ronald Crane reported an out-of-bounds read\nfollowing a failed allocation in the HTML parser while working with unicode strings. This\ncan also affect the parsing of XML and SVG format data. This leads to a potentially\nexploitable crash. 
\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1974.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1974.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1974","reference_id":"","reference_type":"","scores":[{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.66064","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1974"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315785","reference_id":"1315785","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974","reference_id":"CVE-2016-1974","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-34","reference_id":"mfsa2016-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-34"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"}],"fixed_packages":[{"url":"http://public2.vul
nerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1974"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cr9v-b95v-eyha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3002?format=json","vulnerability_id":"VCID-cvjs-nw3e-6be2","summary":"Security researcher Shinto K Anto reported an issue with cross-origin\nresource sharing (CORS) \"preflight\" requests when receiving certain\nContent-Type headers. This is due to an error in implementation resulting in\ntrying to process multiple media types when they are returned in the\nContent-Type headers from a server. 
This is disallowed in the CORS specification and results in a simple instead of a\n\"preflight\" request, leading to potential same-origin policy violation.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7193.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7193.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7193","reference_id":"","reference_type":"","scores":[{"value":"0.01267","scoring_system":"epss","scoring_elements":"0.798","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7193"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277346","reference_id":"1277346","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277346"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7193","reference_id":"CVE-2015-7193","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7193"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-127","reference_id":"mfsa2015-127","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-127"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1982","reference_id":"RHSA-2015:1982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2519","referenc
e_id":"RHSA-2015:2519","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2519"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7193"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cvjs-nw3e-6be2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2966?format=json","vulnerability_id":"VCID-cwdt-7ey1-5bax","summary":"Security researcher Khalil Zhani reported that a maliciously crafted\nvp9 format video could be used to trigger a buffer overflow while parsing the file. This\nleads to a potentially exploitable crash due to a flaw in the libvpx library. 
\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4506.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4506.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4506","reference_id":"","reference_type":"","scores":[{"value":"0.07974","scoring_system":"epss","scoring_elements":"0.92219","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4506"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265617","reference_id":"1265617","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4506","reference_id":"CVE-2015-4506","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4506"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-101","reference_id":"mfsa2015-101","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-101"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1834","reference_id":"RHSA-2015:1834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1834"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/pa
ckages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4506"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cwdt-7ey1-5bax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2982?format=json","vulnerability_id":"VCID-ddgc-sfjs-bkgg","summary":"Security researcher Michał Bentkowski reported that adding white-space\ncharacters to hostnames that are IP addresses can bypass same-origin policy. This flaw was\ncaused by trailing whitespaces being evaluated differently when parsing IP addresses\ninstead of alphanumeric hostnames. This could lead to a cross-site script (XSS) attack.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7188.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7188.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7188","reference_id":"","reference_type":"","scores":[{"value":"0.01664","scoring_system":"epss","scoring_elements":"0.82422","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7188"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277343","reference_id":"1277343","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7188","reference_id":"CVE-2015-7188","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7188"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"re
ference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-122","reference_id":"mfsa2015-122","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-122"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1982","reference_id":"RHSA-2015:1982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1982"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7188"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ddgc-sfjs-bkgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1899?format=json","vulnerability_id":"VCID-dhjd-31cm-1fh6","summary":"Security researcher ca0nguyen, working with HP's Zero Day Initiative,\nreported a use-after-free issue in the HTML5 string parser when parsing a particular set\nof table-related tags in a foreign fragment context such as SVG. 
This results in a\npotentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1960.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1960.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1960","reference_id":"","reference_type":"","scores":[{"value":"0.86455","scoring_system":"epss","scoring_elements":"0.99427","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1960"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315576","reference_id":"1315576","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960","reference_id":"CVE-2016-1960","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/42484.html","reference_id":"CVE-2016-1960","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/42484.html"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/44294.html","reference_id":"CVE-2017-5375;CVE-2016-1960","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/44294.html"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016
-23","reference_id":"mfsa2016-23","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-23"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1960"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dhjd-31cm-1fh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1970?format=json","vulnerability_id":"VCID-dpxq-myh4-wfbs","summary":"Security researcher Tsubasa Iinuma reported a mechanism where the\ndisplayed addressbar can be spoofed to users. This issue involves using history navigation\nin concert with the Location protocol property. After navigating from a malicious page to\nanother, if the user navigates back to the initial page, the displayed URL will not\nreflect the reloaded page. 
This could be used to trick users into potentially treating the\npage as a different and trusted site.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1965.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1965.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1965","reference_id":"","reference_type":"","scores":[{"value":"0.005","scoring_system":"epss","scoring_elements":"0.6633","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1965"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315775","reference_id":"1315775","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315775"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1965","reference_id":"CVE-2016-1965","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1965"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-28","reference_id":"mfsa2016-28","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-28"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9
"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1965"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dpxq-myh4-wfbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1872?format=json","vulnerability_id":"VCID-dxam-cewh-63dt","summary":"Security researcher Nicolas Golubovic reported that a malicious page\ncan overwrite files on the user's machine using Content Security Policy (CSP) violation\nreports. The file contents are restricted to the JSON format of the report. In many cases\noverwriting a local file may simply be destructive, breaking the functionality of that\nfile. The CSP error reports can include HTML fragments which could be rendered by\nbrowsers. If a user has disabled add-on signing and has installed an \"unpacked\" add-on, a\nmalicious page could overwrite one of the add-on resources. 
Depending on how this resource\nis used, this could lead to privilege escalation.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1954.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1954.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1954","reference_id":"","reference_type":"","scores":[{"value":"0.02706","scoring_system":"epss","scoring_elements":"0.86175","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1954"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315569","reference_id":"1315569","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954","reference_id":"CVE-2016-1954","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-17","reference_id":"mfsa2016-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access
.redhat.com/errata/RHSA-2016:0460"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1954"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dxam-cewh-63dt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1866?format=json","vulnerability_id":"VCID-ecjy-9yqg-d7g5","summary":"Security researcher Holger Fuhrmannek reported that a malicious\nGraphite \"smart font\" could circumvent the validation of internal instruction parameters\nin the Graphite 2 library using special CNTXT_ITEM instructions. This could result in\narbitrary code execution.\n This issue affected Graphite 2 version 1.3.4, which was used in the Firefox ESR branch. 
To address this issue and other security vulnerabilities recently disclosed by Cisco Talos affecting this version of the library, Firefox ESR has been updated to version 1.3.5, the same one used in Firefox 44.\nIn general this flaw cannot be exploited through email in the\nThunderbird product, but is potentially a risk in browser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1523.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1523.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1523","reference_id":"","reference_type":"","scores":[{"value":"0.01341","scoring_system":"epss","scoring_elements":"0.80354","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1523"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1522","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1522"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1305813","reference_id":"1305813","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1305813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1523","reference_id":"CVE-2016-1523","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1523"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_ty
pe":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-35","reference_id":"GLSA-201701-35","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-35"},{"reference_url":"https://security.gentoo.org/glsa/201701-63","reference_id":"GLSA-201701-63","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-63"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-14","reference_id":"mfsa2016-14","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0197","reference_id":"RHSA-2016:0197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0258","reference_id":"RHSA-2016:0258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0258"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0594","reference_id":"RHSA-2016:0594","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0594"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1523"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ecjy-9yqg-d7g5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2936?format=jso
n","vulnerability_id":"VCID-ee73-m58a-z3br","summary":"Security researcher Ronald Crane reported eight\nvulnerabilities affecting released code that were found through code inspection. These\nincluded several potential memory safety issues resulting from the use of\nsnprintf, one use of unowned memory, one use of a string without overflow\nchecks, and five memory safety bugs. These do not all have clear mechanisms to be\nexploited through web content but are vulnerable if a mechanism can be found to trigger\nthem.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4521.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4521.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4521","reference_id":"","reference_type":"","scores":[{"value":"0.03205","scoring_system":"epss","scoring_elements":"0.87248","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4521"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265784","reference_id":"1265784","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4521","reference_id":"CVE-2015-4521","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4521"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112","reference_id":"mfsa2015-112","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1834","reference
_id":"RHSA-2015:1834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1834"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1852","reference_id":"RHSA-2015:1852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1852"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4521"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ee73-m58a-z3br"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1968?format=json","vulnerability_id":"VCID-egv5-6c33-tfb9","summary":"Mozilla developers fixed several memory safety bugs in the browser engine used in\nFirefox and other Mozilla-based products. 
Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with enough effort at least\nsome of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2805.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2805.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2805","reference_id":"","reference_type":"","scores":[{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.7637","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2805"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330266","reference_id":"1330266","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330266"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2805","reference_id":"CVE-2016-2805","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2805"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-39","reference_id":"mfsa2016-39","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-39"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0695","reference_id":"RHSA-2016:0695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0695"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1041","reference_id":"RHSA-2016:1041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1041"}],"fixed_packages":[{"url":"http
://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2805"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-egv5-6c33-tfb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2914?format=json","vulnerability_id":"VCID-ewxc-cgha-5ya6","summary":"Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. 
These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2735.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2735.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2735","reference_id":"","reference_type":"","scores":[{"value":"0.01601","scoring_system":"epss","scoring_elements":"0.82035","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2735"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1236956","reference_id":"1236956","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1236956"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2735","reference_id":"CVE-2015-2735","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2735"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66","reference_id":"mfsa2015-66","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1207","reference_id":"RHSA-2015:1207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1455","reference_id":"RHSA-2015:1455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1455"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?fo
rmat=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vu
lnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-hqnu-aq9h-gkb4"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerableco
de.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-2735"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ewxc-cgha-5ya6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2997?format=json","vulnerability_id":"VCID-f9tb-p3ha-9ug6","summary":"Security researcher Aki Helin used the Address Sanitizer\ntool to discover an out-of-bounds read during playback of a malformed MP3 format\naudio file which switches sample formats. This could trigger a potentially\nexploitable crash or the reading of out-of-bounds memory content in 
some\ncircumstances.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4475.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4475.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4475","reference_id":"","reference_type":"","scores":[{"value":"0.01051","scoring_system":"epss","scoring_elements":"0.77895","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4475"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252276","reference_id":"1252276","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252276"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4475","reference_id":"CVE-2015-4475","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4475"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-80","reference_id":"mfsa2015-80","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-80"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1586","reference_id":"RHSA-2015:1586","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1586"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vuln
erablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4475"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f9tb-p3ha-9ug6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1864?format=json","vulnerability_id":"VCID-ftnc-qwd9-jubp","summary":"Security researcher Dominique Hazaël-Massieux reported a\nuse-after-free issue when using multiple WebRTC data channel connections. This causes a\npotentially exploitable crash when a data channel connection is freed from within a call\nthrough it.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1962.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1962.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1962","reference_id":"","reference_type":"","scores":[{"value":"0.02149","scoring_system":"epss","scoring_elements":"0.84559","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1962"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315578","reference_id":"1315578","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315578"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962","reference_id":"CVE-2016-1962","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-25","reference_id":"mfsa2016-25","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/
security/advisories/mfsa2016-25"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1962"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ftnc-qwd9-jubp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1908?format=json","vulnerability_id":"VCID-fxjs-kgb3-6bb7","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. 
\n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2794.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2794.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2794","reference_id":"","reference_type":"","scores":[{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75641","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2794"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795","reference_id":"1315795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794","reference_id":"CVE-2016-2794","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-63","reference_id":"GLSA-201701-63","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-63"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","refe
rence_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2794"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fxjs-kgb3-6bb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2942?format=json","vulnerability_id":"VCID-g2sr-anu7-e7hu","summary":"Security researcher Ronald Crane reported eight\nvulnerabilities affecting released code that were found through code inspection. These\nincluded several potential memory safety issues resulting from the use of\nsnprintf, one use of unowned memory, one use of a string without overflow\nchecks, and five memory safety bugs. 
These do not all have clear mechanisms to be\nexploited through web content but are vulnerable if a mechanism can be found to trigger\nthem.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7180.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7180.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7180","reference_id":"","reference_type":"","scores":[{"value":"0.03205","scoring_system":"epss","scoring_elements":"0.87248","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7180"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265784","reference_id":"1265784","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7180","reference_id":"CVE-2015-7180","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7180"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112","reference_id":"mfsa2015-112","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1834","reference_id":"RHSA-2015:1834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1834"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1852","reference_id":"RHSA-2015:1852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1852"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?fo
rmat=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7180"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g2sr-anu7-e7hu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2950?format=json","vulnerability_id":"VCID-gcfa-hdye-jqar","summary":"An anonymous researcher reported, via TippingPoint's Zero Day Initiative, two integer\noverflows in the libstagefright library that could be triggered by a malicious 'saio'\nchunk in an MPEG4 video. These overflows allowed for potential arbitrary code execution.\nThis issue was independently reported by security researcher laf.intel. Security researcher Massimiliano Tomassoli also discovered an\ninteger overflow issue when parsing an invalid MPEG4 video. Mozilla security engineers Tyson Smith and Christoph\nDiehl used the Address Sanitizer to find a buffer overflow when parsing an MPEG4\nvideo with an invalid size in an ESDS chunk lead to memory corruption. Each of these reported issues result in potentially exploitable crashes that\ncould allow for remote code 
execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4479.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4479.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4479","reference_id":"","reference_type":"","scores":[{"value":"0.02729","scoring_system":"epss","scoring_elements":"0.86228","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4479"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252285","reference_id":"1252285","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252285"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4479","reference_id":"CVE-2015-4479","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4479"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-83","reference_id":"mfsa2015-83","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-83"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1586","reference_id":"RHSA-2015:1586","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1586"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerable
code.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4479"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gcfa-hdye-jqar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1936?format=json","vulnerability_id":"VCID-gwmz-dnnk-bbhy","summary":"Security researcher Abdulrahman Alqabandi reported an issue where an\nattacker can load an arbitrary web page but the addressbar's displayed URL will be blank\nor filled with page defined content. This can be used to obfuscate which page is currently\nloaded and allows for an attacker to spoof an existing page without the malicious page's\naddress being displayed correctly.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1958.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1958.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1958","reference_id":"","reference_type":"","scores":[{"value":"0.00619","scoring_system":"epss","scoring_elements":"0.70358","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1958"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315574","reference_id":"1315574","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1958","reference_id":"CVE-2016-1958","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1958"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-21","reference_id":"mfsa2016-21","reference_type":"","sco
res":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1958"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gwmz-dnnk-bbhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2920?format=json","vulnerability_id":"VCID-h99r-s2rd-dbf9","summary":"Security researcher Ronald Crane reported a vulnerability found\nthrough code inspection. 
This issue is an integer overflow while processing an MP4 format\nvideo file when an erroneously small buffer is allocated and then overrun, resulting in\na potentially exploitable crash.\nThis issue only affects 64-bit versions with 32-bit versions being\nunaffected. In general this flaw cannot be exploited through email in the\nThunderbird product, but is potentially a risk in browser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7213.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7213.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7213","reference_id":"","reference_type":"","scores":[{"value":"0.02438","scoring_system":"epss","scoring_elements":"0.85445","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7213"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1291596","reference_id":"1291596","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1291596"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7213","reference_id":"CVE-2015-7213","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7213"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-146","reference_id":"mfsa2015-146","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-146"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2657","reference_id":"RHSA-2015:2657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:
2657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0001","reference_id":"RHSA-2016:0001","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0001"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7213"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h99r-s2rd-dbf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2976?format=json","vulnerability_id":"VCID-hgqa-m8ub-f3dc","summary":"Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary 
code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4473.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4473.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4473","reference_id":"","reference_type":"","scores":[{"value":"0.04754","scoring_system":"epss","scoring_elements":"0.89622","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4473"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252271","reference_id":"1252271","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252271"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4473","reference_id":"CVE-2015-4473","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4473"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-79","reference_id":"mfsa2015-79","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-79"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1586","reference_id":"RHSA-2015:1586","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1586"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1682","reference_id":"RHSA-2015:1682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1682"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"V
CID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4473"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hgqa-m8ub-f3dc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2952?format=json","vulnerability_id":"VCID-hpjp-69k9-akdz","summary":"An anonymous researcher reported, via TippingPoint's Zero Day Initiative, two integer\noverflows in the libstagefright library that could be triggered by a malicious 'saio'\nchunk in an MPEG4 video. These overflows allowed for potential arbitrary code execution.\nThis issue was independently reported by security researcher laf.intel. Security researcher Massimiliano Tomassoli also discovered an\ninteger overflow issue when parsing an invalid MPEG4 video. Mozilla security engineers Tyson Smith and Christoph\nDiehl used the Address Sanitizer to find a buffer overflow when parsing an MPEG4\nvideo with an invalid size in an ESDS chunk lead to memory corruption. Each of these reported issues result in potentially exploitable crashes that\ncould allow for remote code 
execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4493.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4493.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4493","reference_id":"","reference_type":"","scores":[{"value":"0.06981","scoring_system":"epss","scoring_elements":"0.91604","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4493"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252285","reference_id":"1252285","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252285"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4493","reference_id":"CVE-2015-4493","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4493"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-83","reference_id":"mfsa2015-83","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-83"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1586","reference_id":"RHSA-2015:1586","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1586"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerable
code.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4493"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hpjp-69k9-akdz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71754?format=json","vulnerability_id":"VCID-hqnu-aq9h-gkb4","summary":"The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1526.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1526.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1526","reference_id":"","reference_type":"","scores":[{"value":"0.00759","scoring_system":"epss","scoring_elements":"0.73679","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1522","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1522"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1308590","reference_id":"1308590","reference_type":"","scores":[]
,"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1308590"},{"reference_url":"https://security.gentoo.org/glsa/201701-35","reference_id":"GLSA-201701-35","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-35"},{"reference_url":"https://security.gentoo.org/glsa/201701-63","reference_id":"GLSA-201701-63","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-63"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0594","reference_id":"RHSA-2016:0594","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0594"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0695","reference_id":"RHSA-2016:0695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0695"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1526"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hqnu-aq9h-gkb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1950?format=json","vulnerability_id":"VCID-jr76-2aht-uqb2","summary":"Security researcher lokihardt, working with HP's Zero Day Initiative,\nreported a use-after-free issue in the SetBody function of\nHTMLDocument. 
This results in a potentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1961.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1961.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1961","reference_id":"","reference_type":"","scores":[{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.73475","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1961"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315577","reference_id":"1315577","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961","reference_id":"CVE-2016-1961","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-24","reference_id":"mfsa2016-24","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:
0460"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1961"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jr76-2aht-uqb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1906?format=json","vulnerability_id":"VCID-jubn-vjus-h3e8","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. 
\n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2792.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2792.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2792","reference_id":"","reference_type":"","scores":[{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68793","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2792"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795","reference_id":"1315795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792","reference_id":"CVE-2016-2792","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-63","reference_id":"GLSA-201701-63","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-63"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","refe
rence_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2792"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jubn-vjus-h3e8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1913?format=json","vulnerability_id":"VCID-kcpz-uwq4-skf4","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. 
\n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2799.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2799.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2799","reference_id":"","reference_type":"","scores":[{"value":"0.00646","scoring_system":"epss","scoring_elements":"0.711","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2799"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795","reference_id":"1315795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799","reference_id":"CVE-2016-2799","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-63","reference_id":"GLSA-201701-63","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-63"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","refere
nce_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2799"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kcpz-uwq4-skf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2917?format=json","vulnerability_id":"VCID-knkj-95et-a7bh","summary":"Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. 
These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2738.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2738.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2738","reference_id":"","reference_type":"","scores":[{"value":"0.01252","scoring_system":"epss","scoring_elements":"0.79674","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2738"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1236956","reference_id":"1236956","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1236956"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2738","reference_id":"CVE-2015-2738","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2738"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66","reference_id":"mfsa2015-66","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1207","reference_id":"RHSA-2015:1207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1455","reference_id":"RHSA-2015:1455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1455"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?fo
rmat=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vu
lnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-hqnu-aq9h-gkb4"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerableco
de.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-2738"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-knkj-95et-a7bh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1911?format=json","vulnerability_id":"VCID-ksda-d24x-8bcf","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. 
\n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2797.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2797.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2797","reference_id":"","reference_type":"","scores":[{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68711","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2797"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795","reference_id":"1315795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797","reference_id":"CVE-2016-2797","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-63","reference_id":"GLSA-201701-63","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-63"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","refe
rence_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2797"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ksda-d24x-8bcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2948?format=json","vulnerability_id":"VCID-kxka-bpkq-bbb4","summary":"Security researcher Bas Venis reported a mechanism where add-ons could\nbe installed from a different source than user expectations. Normally, when a user enters\nthe URL to an add-on directly in the addressbar, warning prompts are bypassed because it\nis the result of direct user action. He discovered that a data: URL could be\nmanipulated on a loaded page to simulate this direct user input of the add-on's URL, which\nwould result in a bypassing of the install permission prompt. He also reported that in the\nabsence of the permission prompt, it is possible to cause the actual installation prompt\nto appear above another site's location by causing a page navigation immediately after\ntriggering add-on installation. This could manipulate a user into falsely believing a\ntrusted site (such as addons.mozilla.org) has\ninitiated the installation. 
This could lead to users installing an add-on from a malicious\nsource.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4498.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4498.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4498","reference_id":"","reference_type":"","scores":[{"value":"0.00576","scoring_system":"epss","scoring_elements":"0.69179","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4498"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1257278","reference_id":"1257278","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1257278"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4498","reference_id":"CVE-2015-4498","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4498"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-95","reference_id":"mfsa2015-95","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-95"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1693","reference_id":"RHSA-2015:1693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1693"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4498"],"risk_score":4.0,"exploitabil
ity":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kxka-bpkq-bbb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2908?format=json","vulnerability_id":"VCID-m6a6-yhfk-1ufh","summary":"Security researcher Tsubasa Iinuma reported a mechanism to violate\nsame-origin policy to content using data: and view-source: URIs\nto confuse protections and bypass restrictions. This resulted in the ability to read data from cross-site URLs and local files.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7214.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7214.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7214","reference_id":"","reference_type":"","scores":[{"value":"0.15477","scoring_system":"epss","scoring_elements":"0.94787","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7214"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1291600","reference_id":"1291600","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1291600"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7214","reference_id":"CVE-2015-7214","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7214"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-149","reference_id":"mfsa2015-149","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_text
ual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-149"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2657","reference_id":"RHSA-2015:2657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0001","reference_id":"RHSA-2016:0001","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0001"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7214"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m6a6-yhfk-1ufh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2909?format=json","vulnerability_id":"VCID-mq7v-8uvq-5yeq","summary":"Mozilla engineers Tyson Smith and David Keeler\nreported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security\nServices (NSS). These issues were in octet string parsing and were found through fuzzing\nand code inspection. If these issues were triggered, they would lead to a potentially\nexploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in\nFirefox and Firefox ESR, respectively, as well as NSS 3.20.1.\nGoogle security engineer Ryan Sleevi reported an integer overflow in\nthe Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation.\nThis leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. 
The NSPR library is a required component of NSS.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7181.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7181.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7181","reference_id":"","reference_type":"","scores":[{"value":"0.05021","scoring_system":"epss","scoring_elements":"0.89904","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7181"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1269345","reference_id":"1269345","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1269345"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181","reference_id":"CVE-2015-7181","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133","reference_id":"mfsa2015-133","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1980","reference_id":"RHSA-2015:1980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1981","reference_id":"RHSA-2015:1981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-201
5:1981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2068","reference_id":"RHSA-2015:2068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2068"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7181"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mq7v-8uvq-5yeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1868?format=json","vulnerability_id":"VCID-mxj9-cgmx-zkg9","summary":"Security researcher Nicolas Grégoire used the Address Sanitizer to\nfind a use-after-free during XML transformation operations. 
This results in a potentially\nexploitable crash triggerable by web content.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1964.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1964.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1964","reference_id":"","reference_type":"","scores":[{"value":"0.00701","scoring_system":"epss","scoring_elements":"0.72412","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1964"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315774","reference_id":"1315774","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964","reference_id":"CVE-2016-1964","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-27","reference_id":"mfsa2016-27","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-27"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.
redhat.com/errata/RHSA-2016:0460"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1964"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mxj9-cgmx-zkg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2924?format=json","vulnerability_id":"VCID-njfh-euqq-hyek","summary":"Security researcher Ronald Crane reported three\nvulnerabilities affecting released code that were found through code inspection.\nThese included one use of unowned memory, one use of a deleted object, and one\nmemory safety bug. 
These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4488.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4488.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4488","reference_id":"","reference_type":"","scores":[{"value":"0.01604","scoring_system":"epss","scoring_elements":"0.82061","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4488"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252293","reference_id":"1252293","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252293"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4488","reference_id":"CVE-2015-4488","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4488"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-90","reference_id":"mfsa2015-90","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-90"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1586","reference_id":"RHSA-2015:1586","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1586"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1682","reference_id":"RHSA-2015:1682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1682"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format
=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4488"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-njfh-euqq-hyek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1971?format=json","vulnerability_id":"VCID-nmg1-t9x3-8kgb","summary":"The CESG, the Information Security Arm of GCHQ, reported that the\nJavaScript .watch() method could be used to overflow the 32-bit generation\ncount of the underlying HashMap, resulting in a write to an invalid entry. Under the right\nconditions this write could lead to arbitrary code execution. The overflow takes\nconsiderable time and a malicious page would require a user to keep it open for the\nduration of the 
attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2808.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2808.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2808","reference_id":"","reference_type":"","scores":[{"value":"0.00681","scoring_system":"epss","scoring_elements":"0.71991","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2808"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330286","reference_id":"1330286","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330286"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2808","reference_id":"CVE-2016-2808","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2808"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-47","reference_id":"mfsa2016-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0695","reference_id":"RHSA-2016:0695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0695"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io
/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2808"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nmg1-t9x3-8kgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2906?format=json","vulnerability_id":"VCID-psax-4qxx-1udr","summary":"Security researcher Ronald Crane reported an underflow found through\ncode inspection. This does not have a clear mechanism to be exploited through web\ncontent but could be vulnerable if a means can be found to trigger it.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7205.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7205.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7205","reference_id":"","reference_type":"","scores":[{"value":"0.00863","scoring_system":"epss","scoring_elements":"0.75435","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7205"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1291595","reference_id":"1291595","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1291595"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7205","reference_id":"CVE-2015-7205","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7205"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-145","reference_id":"mfsa2015-145","
reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-145"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2657","reference_id":"RHSA-2015:2657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0001","reference_id":"RHSA-2016:0001","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0001"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7205"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-psax-4qxx-1udr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2935?format=json","vulnerability_id":"VCID-qq5e-2j1p-uufm","summary":"Security researcher Ronald Crane reported eight\nvulnerabilities affecting released code that were found through code inspection. These\nincluded several potential memory safety issues resulting from the use of\nsnprintf, one use of unowned memory, one use of a string without overflow\nchecks, and five memory safety bugs. 
These do not all have clear mechanisms to be\nexploited through web content but are vulnerable if a mechanism can be found to trigger\nthem.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4517.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4517.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4517","reference_id":"","reference_type":"","scores":[{"value":"0.03205","scoring_system":"epss","scoring_elements":"0.87248","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4517"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265784","reference_id":"1265784","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4517","reference_id":"CVE-2015-4517","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4517"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112","reference_id":"mfsa2015-112","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1834","reference_id":"RHSA-2015:1834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1834"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1852","reference_id":"RHSA-2015:1852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1852"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?fo
rmat=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4517"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qq5e-2j1p-uufm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2932?format=json","vulnerability_id":"VCID-qq9w-dr8s-rbc1","summary":"Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary 
code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4500.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4500.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4500","reference_id":"","reference_type":"","scores":[{"value":"0.03173","scoring_system":"epss","scoring_elements":"0.8718","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4500"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265186","reference_id":"1265186","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265186"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4500","reference_id":"CVE-2015-4500","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4500"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-96","reference_id":"mfsa2015-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-96"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1834","reference_id":"RHSA-2015:1834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1834"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1852","reference_id":"RHSA-2015:1852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1852"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulner
ablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4500"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qq9w-dr8s-rbc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3021?format=json","vulnerability_id":"VCID-rf44-229c-qubm","summary":"Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7201.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7201.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7201","reference_id":"","reference_type":"","scores":[{"value":"0.01575","scoring_system":"epss","scoring_elements":"0.81883","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7201"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1291571","reference_id":"1291571","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1291571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7201","reference_id":"CVE-2015-7201","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7201"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-134","reference_id":"mfsa2015-134","reference_type":"","scores":[{"value":"critical"
,"scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-134"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2657","reference_id":"RHSA-2015:2657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0001","reference_id":"RHSA-2016:0001","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0001"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7201"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rf44-229c-qubm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1881?format=json","vulnerability_id":"VCID-rhmy-7533-6be9","summary":"Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.\nIn general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a risk in\nbrowser or browser-like 
contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1930.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1930.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1930","reference_id":"","reference_type":"","scores":[{"value":"0.0186","scoring_system":"epss","scoring_elements":"0.83405","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1930"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301818","reference_id":"1301818","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301818"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1930","reference_id":"CVE-2016-1930","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1930"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-01","reference_id":"mfsa2016-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0071","reference_id":"RHSA-2016:0071","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0071"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0258","reference_id":"RHSA-2016:0258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0258"}],"fixed_pack
ages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1930"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rhmy-7533-6be9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2989?format=json","vulnerability_id":"VCID-s1af-pc4s-4ya7","summary":"Mozilla community member Jonas Jenwald reported broken behavior in Mozilla's PDF.js PDF file viewer which led to the discovery that internal Workers were incorrectly executed with high privilege. If this flaw were combined with a separate vulnerability allowing for same-origin policy violation, it could be used to run arbitrary 
code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2743.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2743.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2743","reference_id":"","reference_type":"","scores":[{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.78112","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2743"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1236964","reference_id":"1236964","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1236964"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2743","reference_id":"CVE-2015-2743","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2743"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-69","reference_id":"mfsa2015-69","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-69"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1207","reference_id":"RHSA-2015:1207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1207"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?format=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerabi
lity":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerabi
lity":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-hqnu-aq9h-gkb4"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnera
bility":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-2743"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s1af-pc4s-4ya7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3036?format=json","vulnerability_id":"VCID-s42a-965d-buf6","summary":"An anonymous researcher reported, via HP's Zero Day Initiative, a use-after-free\nvulnerability with HTML media elements on a page during script manipulation of the URI\ntable of these elements. This results in a potentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4509.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4509.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4509","reference_id":"","reference_type":"","scores":[{"value":"0.04937","scoring_system":"epss","scoring_elements":"0.89807","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4509"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265192","reference_id":"1265192","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265192"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4509","reference_id":"CVE-2015-4509","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4509"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-106","reference_id":"mfsa2015-106","reference_type":"","scores":[{"value":"c
ritical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1834","reference_id":"RHSA-2015:1834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1834"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1852","reference_id":"RHSA-2015:1852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1852"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4509"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s42a-965d-buf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1910?format=json","vulnerability_id":"VCID-s874-n3jb-23h1","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. 
\n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2796.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2796.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2796","reference_id":"","reference_type":"","scores":[{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68794","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2796"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795","reference_id":"1315795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796","reference_id":"CVE-2016-2796","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-63","reference_id":"GLSA-201701-63","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-63"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","refe
rence_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2796"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s874-n3jb-23h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2937?format=json","vulnerability_id":"VCID-tbjb-eqta-cqc1","summary":"Security researcher Ronald Crane reported eight\nvulnerabilities affecting released code that were found through code inspection. These\nincluded several potential memory safety issues resulting from the use of\nsnprintf, one use of unowned memory, one use of a string without overflow\nchecks, and five memory safety bugs. 
These do not all have clear mechanisms to be\nexploited through web content but are vulnerable if a mechanism can be found to trigger\nthem.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4522.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4522.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4522","reference_id":"","reference_type":"","scores":[{"value":"0.03205","scoring_system":"epss","scoring_elements":"0.87248","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4522"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265784","reference_id":"1265784","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4522","reference_id":"CVE-2015-4522","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4522"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112","reference_id":"mfsa2015-112","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1834","reference_id":"RHSA-2015:1834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1834"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1852","reference_id":"RHSA-2015:1852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1852"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?fo
rmat=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4522"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tbjb-eqta-cqc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1946?format=json","vulnerability_id":"VCID-tw6u-q876-yfbm","summary":"Security researcher Aki Helin used the Address Sanitizer tool to find\na buffer overflow write when rendering some WebGL content. This leads to a potentially exploitable crash. \nIn general this flaw cannot be exploited through email in the\nThunderbird product, but is potentially a risk in browser or browser-like 
contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1935.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1935.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1935","reference_id":"","reference_type":"","scores":[{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64332","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1935"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301821","reference_id":"1301821","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1301821"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1935","reference_id":"CVE-2016-1935","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1935"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-03","reference_id":"mfsa2016-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0071","reference_id":"RHSA-2016:0071","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0071"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0258","reference_id":"RHSA-2016:0258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0258"}],"fixed_pac
kages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1935"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tw6u-q876-yfbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3052?format=json","vulnerability_id":"VCID-tx75-3f4v-j3f3","summary":"Security researcher Looben Yang reported a buffer overflow in the\nJPEGEncoder function during script interactions with a canvas\nelement. This is caused by a race condition and incorrectly matched sizes following image\ninteractions. This leads to a potentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like 
contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7189.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7189.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7189","reference_id":"","reference_type":"","scores":[{"value":"0.03549","scoring_system":"epss","scoring_elements":"0.87901","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7189"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277344","reference_id":"1277344","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277344"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7189","reference_id":"CVE-2015-7189","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7189"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-123","reference_id":"mfsa2015-123","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1982","reference_id":"RHSA-2015:1982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2519","reference_id":"RHSA-2015:2519","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2519"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability"
:"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7189"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tx75-3f4v-j3f3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3060?format=json","vulnerability_id":"VCID-u5j5-pnhq-2yan","summary":"Security researcher Paul Bandha reported a type confusion\nerror where part of IDBDatabase is read by the Indexed Database\nManager and incorrectly used as a pointer when it shouldn't be used as such.\nThis leads to memory corruption and the possibility of an exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2728.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2728.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2728","reference_id":"","reference_type":"","scores":[{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.78093","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2728"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1236951","reference_id":"1236951","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1236951"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2728","reference_id":"CVE-2015-2728","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2728"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://www.mozilla.org/en-U
S/security/advisories/mfsa2015-61","reference_id":"mfsa2015-61","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-61"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1207","reference_id":"RHSA-2015:1207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1207"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?format=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability"
:"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-hqnu-aq9h-gkb4"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability"
:"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-2728"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u5j5-pnhq-2yan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2940?format=json","vulnerability_id":"VCID-v2bv-3xwa-m7eu","summary":"Security researcher Ronald Crane reported eight\nvulnerabilities affecting released code that were found through code inspection. These\nincluded several potential memory safety issues resulting from the use of\nsnprintf, one use of unowned memory, one use of a string without overflow\nchecks, and five memory safety bugs. 
These do not all have clear mechanisms to be\nexploited through web content but are vulnerable if a mechanism can be found to trigger\nthem.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7176.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7176.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7176","reference_id":"","reference_type":"","scores":[{"value":"0.05714","scoring_system":"epss","scoring_elements":"0.90584","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7176"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265784","reference_id":"1265784","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7176","reference_id":"CVE-2015-7176","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7176"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112","reference_id":"mfsa2015-112","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1834","reference_id":"RHSA-2015:1834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1834"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1852","reference_id":"RHSA-2015:1852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1852"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?fo
rmat=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7176"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v2bv-3xwa-m7eu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1921?format=json","vulnerability_id":"VCID-v6sk-vcxm-dudy","summary":"Security researcher James Clawson used the Address Sanitizer tool to\ndiscover an out-of-bounds write in the Graphite 2 library when loading a crafted Graphite\nfont file. This results in a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1969.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1969.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1969","reference_id":"","reference_type":"","scores":[{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.64989","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1317560","reference_id":"1317560","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1317560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1969","reference_id":"CVE-2016-1969","reference_type":"","scores":[],"url":"https://cve.m
itre.org/cgi-bin/cvename.cgi?name=CVE-2016-1969"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-38","reference_id":"mfsa2016-38","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0197","reference_id":"RHSA-2016:0197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0197"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-1969"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v6sk-vcxm-dudy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2945?format=json","vulnerability_id":"VCID-vct8-ur1y-63db","summary":"Security researcher Karthikeyan Bhargavan reported an issue\nin Network Security Services (NSS) where the client allows for a ECDHE_ECDSA\nexchange where the server does not send its ServerKeyExchange\nmessage instead of aborting the handshake. Instead, the NSS client will take the\nEC key from the ECDSA certificate. This violates the TLS protocol and also has\nsome security implications for forward secrecy. 
In this situation, the browser\nthinks it is engaged in an ECDHE exchange, but has been silently downgraded to a\nnon-forward secret mixed-ECDH exchange instead. As a result, if False\nStart is enabled, the browser will start sending data encrypted under\nthese non-forward-secret connection keys. This issue was fixed in NSS version\n3.19.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2721.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2721.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2721","reference_id":"","reference_type":"","scores":[{"value":"0.00511","scoring_system":"epss","scoring_elements":"0.66799","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2721"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1236967","reference_id":"1236967","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1236967"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2721","reference_id":"CVE-2015-2721","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2721"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-71","reference_id":"mfsa2015-71","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-71"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1185","reference_id
":"RHSA-2015:1185","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1185"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1664","reference_id":"RHSA-2015:1664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1664"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?format=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-
b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-hqnu-aq9h-gkb4"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCID-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-
h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-2721"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vct8-ur1y-63db"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3018?format=json","vulnerability_id":"VCID-vswn-ph7t-akfr","summary":"Security researcher Ronald Crane reported three vulnerabilities\naffecting released code that were found through code inspection. These included a\nbuffer overflow in the ANGLE graphics library and two issues of missing status checks in\nSVG rendering and during cryptographic key manipulation. 
These do not all have clear\nmechanisms to be exploited through web content but are vulnerable if a mechanism can be\nfound to trigger them.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7200.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7200.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7200","reference_id":"","reference_type":"","scores":[{"value":"0.02289","scoring_system":"epss","scoring_elements":"0.85004","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7200"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277350","reference_id":"1277350","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7200","reference_id":"CVE-2015-7200","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7200"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-131","reference_id":"mfsa2015-131","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1982","reference_id":"RHSA-2015:1982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2519","reference_id":"RHS
A-2015:2519","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2519"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7200"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vswn-ph7t-akfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1915?format=json","vulnerability_id":"VCID-wd34-8uw6-2uh4","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. 
\n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2801.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2801.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2801","reference_id":"","reference_type":"","scores":[{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68793","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2801"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795","reference_id":"1315795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801","reference_id":"CVE-2016-2801","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-63","reference_id":"GLSA-201701-63","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-63"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","refe
rence_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2801"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wd34-8uw6-2uh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3053?format=json","vulnerability_id":"VCID-wg7c-s7bd-nygc","summary":"Security researcher Looben Yang reported a use-after-free error in\nWebRTC that occurs due to timing issues in WebRTC when closing channels. WebRTC may still\nbelieve it has a datachannel open after another WebRTC function has closed it. 
This\nresults in attempts to use the now destroyed datachannel, leading to a potentially\nexploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7210.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7210.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7210","reference_id":"","reference_type":"","scores":[{"value":"0.01773","scoring_system":"epss","scoring_elements":"0.8301","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7210"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1291585","reference_id":"1291585","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1291585"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7210","reference_id":"CVE-2015-7210","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7210"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-138","reference_id":"mfsa2015-138","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-138"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2657","reference_id":"RHSA-2015:2657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2657"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID
-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7210"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wg7c-s7bd-nygc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2923?format=json","vulnerability_id":"VCID-wjz2-h366-vbae","summary":"Security researcher Ronald Crane reported three\nvulnerabilities affecting released code that were found through code inspection.\nThese included one use of unowned memory, one use of a deleted object, and one\nmemory safety bug. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4487.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4487.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4487","reference_id":"","reference_type":"","scores":[{"value":"0.02262","scoring_system":"epss","scoring_elements":"0.84925","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4487"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252293","reference_id":"1252293","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252293"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4487","reference_id":"CVE-2015-4487","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4487"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.or
g/en-US/security/advisories/mfsa2015-90","reference_id":"mfsa2015-90","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-90"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1586","reference_id":"RHSA-2015:1586","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1586"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1682","reference_id":"RHSA-2015:1682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1682"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4487"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wjz2-h366-vbae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2956?format=json","vulnerability_id":"VCID-x1fr-hs7k-e7hs","summary":"Security researcher Jukka Jylänki reported a crash that\noccurs because JavaScript, when using shared memory, does not properly gate\naccess to Atomics or SharedArrayBuffer views in some\ncontexts. 
This leads to a non-exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4484.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4484.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4484","reference_id":"","reference_type":"","scores":[{"value":"0.00714","scoring_system":"epss","scoring_elements":"0.72704","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4484"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252289","reference_id":"1252289","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252289"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4484","reference_id":"CVE-2015-4484","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4484"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-87","reference_id":"mfsa2015-87","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-87"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1586","reference_id":"RHSA-2015:1586","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1586"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"h
ttp://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4484"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x1fr-hs7k-e7hs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2941?format=json","vulnerability_id":"VCID-xevw-4gkg-akc6","summary":"Security researcher Ronald Crane reported eight\nvulnerabilities affecting released code that were found through code inspection. These\nincluded several potential memory safety issues resulting from the use of\nsnprintf, one use of unowned memory, one use of a string without overflow\nchecks, and five memory safety bugs. These do not all have clear mechanisms to be\nexploited through web content but are vulnerable if a mechanism can be found to trigger\nthem.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like 
contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7177.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7177.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7177","reference_id":"","reference_type":"","scores":[{"value":"0.03205","scoring_system":"epss","scoring_elements":"0.87248","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7177"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265784","reference_id":"1265784","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1265784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7177","reference_id":"CVE-2015-7177","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7177"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112","reference_id":"mfsa2015-112","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-112"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1834","reference_id":"RHSA-2015:1834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1834"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1852","reference_id":"RHSA-2015:1852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1852"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vu
lnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-7177"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xevw-4gkg-akc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1914?format=json","vulnerability_id":"VCID-xmkv-47hn-43ck","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 
1.3.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2800.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2800.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2800","reference_id":"","reference_type":"","scores":[{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68793","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2800"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795","reference_id":"1315795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800","reference_id":"CVE-2016-2800","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-63","reference_id":"GLSA-201701-63","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-63"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"}],"fixed_packages":[{"url":"http://pu
blic2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2800"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xmkv-47hn-43ck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2951?format=json","vulnerability_id":"VCID-xsxg-msc8-1kfp","summary":"An anonymous researcher reported, via TippingPoint's Zero Day Initiative, two integer\noverflows in the libstagefright library that could be triggered by a malicious 'saio'\nchunk in an MPEG4 video. These overflows allowed for potential arbitrary code execution.\nThis issue was independently reported by security researcher laf.intel. Security researcher Massimiliano Tomassoli also discovered an\ninteger overflow issue when parsing an invalid MPEG4 video. Mozilla security engineers Tyson Smith and Christoph\nDiehl used the Address Sanitizer to find a buffer overflow when parsing an MPEG4\nvideo with an invalid size in an ESDS chunk lead to memory corruption. Each of these reported issues result in potentially exploitable crashes that\ncould allow for remote code 
execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4480.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4480.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4480","reference_id":"","reference_type":"","scores":[{"value":"0.03681","scoring_system":"epss","scoring_elements":"0.88129","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4480"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252285","reference_id":"1252285","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252285"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4480","reference_id":"CVE-2015-4480","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4480"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-83","reference_id":"mfsa2015-83","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-83"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1586","reference_id":"RHSA-2015:1586","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1586"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerable
code.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4480"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xsxg-msc8-1kfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2925?format=json","vulnerability_id":"VCID-y429-zgqe-4ffk","summary":"Security researcher Ronald Crane reported three\nvulnerabilities affecting released code that were found through code inspection.\nThese included one use of unowned memory, one use of a deleted object, and one\nmemory safety bug. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4489.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4489.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4489","reference_id":"","reference_type":"","scores":[{"value":"0.0186","scoring_system":"epss","scoring_elements":"0.83408","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4489"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252293","reference_id":"1252293","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252293"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4489","reference_id":"CVE-2015-4489","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4489"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-90","reference_id":"mfsa2015-90","reference_type":"","scores":[{
"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-90"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1586","reference_id":"RHSA-2015:1586","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1586"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1682","reference_id":"RHSA-2015:1682","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1682"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4489"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y429-zgqe-4ffk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2992?format=json","vulnerability_id":"VCID-ymzx-f3pc-pfc2","summary":"Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary 
code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4513.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4513.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4513","reference_id":"","reference_type":"","scores":[{"value":"0.02015","scoring_system":"epss","scoring_elements":"0.8405","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4513"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277332","reference_id":"1277332","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1277332"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4513","reference_id":"CVE-2015-4513","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4513"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-116","reference_id":"mfsa2015-116","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-116"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1982","reference_id":"RHSA-2015:1982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2519","reference_id":"RHSA-2015:2519","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2519"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":
"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-4513"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ymzx-f3pc-pfc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2918?format=json","vulnerability_id":"VCID-yr7f-4cr1-nye2","summary":"Security researcher Ronald Crane reported seven\nvulnerabilities affecting released code that he found through code inspection.\nThese included three uses of uninitialized memory, one poor validation\nleading to an exploitable crash, one read of unowned memory in zip files, and\ntwo buffer overflows. These do not all have clear mechanisms to be exploited\nthrough web content but are vulnerable if a mechanism can be found to trigger\nthem.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2739.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2739.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2739","reference_id":"","reference_type":"","scores":[{"value":"0.01051","scoring_system":"epss","scoring_elements":"0.77894","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2739"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1236956","reference_id":"1236956","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1236956"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2739","reference_id":"CVE-2015-2739","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2739"},{"reference_url":"https://security.gentoo.org/glsa/201512-10"
,"reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66","reference_id":"mfsa2015-66","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-66"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1207","reference_id":"RHSA-2015:1207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1207"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1455","reference_id":"RHSA-2015:1455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1455"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4056?format=json","purl":"pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1322-2jgj-2kh2"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-2p4t-fga2-sqfa"},{"vulnerability":"VCID-2pb1-uy1v-vuf1"},{"vulnerability":"VCID-2r71-u8q9-t7fw"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-35ek-28ks-vqdf"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-59jz-5qv2-5yb1"},{"vulnerability":"VCID-63se-aey7-4kdh"},{"vulnerability":"VCID-644p-f2nh-e7ah"},{"vulnerability":"VCID-6q33-akyf-v7cw"},{"vulnerability":"VCID-6x8h-7v19-x7d2"},{"vulnerability":"VCID-79px-mpkc-ybf6"},{"vulnerability":"VCID-7chb-gfkw-kkdc"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-89p2-k3uk-bkhp"},{"vulnerability":"VCID-89x5-7hfe-jbc7"},{"vulnerability":"VCID-8z2y-h8mf-4fgk"},{"vulnerability":"VCI
D-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-a5mh-mmhh-pfg6"},{"vulnerability":"VCID-ac68-q866-pugy"},{"vulnerability":"VCID-agrg-fr7r-zyec"},{"vulnerability":"VCID-are2-nwm2-ekfb"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-b91n-146p-u3a5"},{"vulnerability":"VCID-bndf-h1gn-dbhg"},{"vulnerability":"VCID-cf7n-mn5h-yyaq"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-cvjs-nw3e-6be2"},{"vulnerability":"VCID-cwdt-7ey1-5bax"},{"vulnerability":"VCID-ddgc-sfjs-bkgg"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dpxq-myh4-wfbs"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-ecjy-9yqg-d7g5"},{"vulnerability":"VCID-ee73-m58a-z3br"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-ewxc-cgha-5ya6"},{"vulnerability":"VCID-f9tb-p3ha-9ug6"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-g2sr-anu7-e7hu"},{"vulnerability":"VCID-gcfa-hdye-jqar"},{"vulnerability":"VCID-gwmz-dnnk-bbhy"},{"vulnerability":"VCID-h99r-s2rd-dbf9"},{"vulnerability":"VCID-hgqa-m8ub-f3dc"},{"vulnerability":"VCID-hpjp-69k9-akdz"},{"vulnerability":"VCID-hqnu-aq9h-gkb4"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-knkj-95et-a7bh"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-kxka-bpkq-bbb4"},{"vulnerability":"VCID-m6a6-yhfk-1ufh"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-njfh-euqq-hyek"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"},{"vulnerability":"VCID-psax-4qxx-1udr"},{"vulnerability":"VCID-qq5e-2j1p-uufm"},{"vulnerability":"VCID-qq9w-dr8s-rbc1"},{"vulnerability":"VCID-rf44-229c-qubm"},{"vulnerability":"VCID-rhmy-7533-6be9"},{"vulnerability":"VCID-s1af-pc4s-4ya7"},{"vulnerability":"VCI
D-s42a-965d-buf6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-tbjb-eqta-cqc1"},{"vulnerability":"VCID-tw6u-q876-yfbm"},{"vulnerability":"VCID-tx75-3f4v-j3f3"},{"vulnerability":"VCID-u5j5-pnhq-2yan"},{"vulnerability":"VCID-v2bv-3xwa-m7eu"},{"vulnerability":"VCID-v6sk-vcxm-dudy"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-vswn-ph7t-akfr"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wg7c-s7bd-nygc"},{"vulnerability":"VCID-wjz2-h366-vbae"},{"vulnerability":"VCID-x1fr-hs7k-e7hs"},{"vulnerability":"VCID-xevw-4gkg-akc6"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xsxg-msc8-1kfp"},{"vulnerability":"VCID-y429-zgqe-4ffk"},{"vulnerability":"VCID-ymzx-f3pc-pfc2"},{"vulnerability":"VCID-yr7f-4cr1-nye2"},{"vulnerability":"VCID-yssr-7m7d-b7fh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@31.8.0esr-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2015-2739"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yr7f-4cr1-nye2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1909?format=json","vulnerability_id":"VCID-yssr-7m7d-b7fh","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. 
This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2795.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2795.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2795","reference_id":"","reference_type":"","scores":[{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68793","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2795"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795","reference_id":"1315795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795","reference_id":"CVE-2016-2795","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-63","reference_id":"GLSA-201701-63","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-63"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"
},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4057?format=json","purl":"pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-27t5-214b-33g2"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-nmg1-t9x3-8kgb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}],"aliases":["CVE-2016-2795"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yssr-7m7d-b7fh"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iceweasel@38.8.0esr-1~deb7u1"}