{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","type":"deb","namespace":"debian","name":"icedove","version":"1:45.8.0-3~deb8u1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/650?format=json","vulnerability_id":"VCID-1j25-aujy-1fb3","summary":"A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7752.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7752.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7752","reference_id":"","reference_type":"","scores":[{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.77015","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76985","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.77018","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.77027","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461256","reference_id":"1461256","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461256"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15","reference_id":"mfsa2017-15","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16","reference_id":"mfsa2017-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17","reference_id":"mfsa2017-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1440","reference_id":"RHSA-2017:1440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1561","reference_id":"RHSA-2017:1561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1561"},{"reference_url":"https://usn.ubuntu.com/3315-1/","reference_id":"USN-3315-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3315-1/"},{"reference_url":"https://usn.ubuntu.com/3321-1/","reference_id":"USN-3321-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3321-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7752"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1j25-aujy-1fb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/653?format=json","vulnerability_id":"VCID-1qr1-6zdx-fqd1","summary":"A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7757.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7757.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7757","reference_id":"","reference_type":"","scores":[{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.8349","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83467","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83492","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83494","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461259","reference_id":"1461259","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461259"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15","reference_id":"mfsa2017-15","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16","reference_id":"mfsa2017-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17","reference_id":"mfsa2017-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1440","reference_id":"RHSA-2017:1440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1561","reference_id":"RHSA-2017:1561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1561"},{"reference_url":"https://usn.ubuntu.com/3315-1/","reference_id":"USN-3315-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3315-1/"},{"reference_url":"https://usn.ubuntu.com/3321-1/","reference_id":"USN-3321-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3321-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7757"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1qr1-6zdx-fqd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/602?format=json","vulnerability_id":"VCID-21fd-3bm8-nuhg","summary":"Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7787.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7787.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7787","reference_id":"","reference_type":"","scores":[{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.77124","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.77094","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.77126","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00979","scoring_system":"epss","scoring_elements":"0.77136","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:C/I:N/A:N"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1479206","reference_id":"1479206","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1479206"},{"reference_url":"https://security.archlinux.org/ASA-201708-18","reference_id":"ASA-201708-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-18"},{"reference_url":"https://security.archlinux.org/ASA-201708-3","reference_id":"ASA-201708-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-3"},{"reference_url":"https://security.archlinux.org/AVG-375","reference_id":"AVG-375","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-375"},{"reference_url":"https://security.archlinux.org/AVG-385","reference_id":"AVG-385","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-385"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://security.gentoo.org/glsa/201803-14","reference_id":"GLSA-201803-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201803-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18","reference_id":"mfsa2017-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19","reference_id":"mfsa2017-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20","reference_id":"mfsa2017-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2456","reference_id":"RHSA-2017:2456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2534","reference_id":"RHSA-2017:2534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2534"},{"reference_url":"https://usn.ubuntu.com/3391-1/","reference_id":"USN-3391-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3391-1/"},{"reference_url":"https://usn.ubuntu.com/3416-1/","reference_id":"USN-3416-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3416-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7787"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-21fd-3bm8-nuhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/646?format=json","vulnerability_id":"VCID-2ep2-61mb-cbd3","summary":"A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7749.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7749.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7749","reference_id":"","reference_type":"","scores":[{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.8349","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83467","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83492","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83494","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461253","reference_id":"1461253","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461253"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15","reference_id":"mfsa2017-15","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16","reference_id":"mfsa2017-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17","reference_id":"mfsa2017-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1440","reference_id":"RHSA-2017:1440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1561","reference_id":"RHSA-2017:1561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1561"},{"reference_url":"https://usn.ubuntu.com/3315-1/","reference_id":"USN-3315-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3315-1/"},{"reference_url":"https://usn.ubuntu.com/3321-1/","reference_id":"USN-3321-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3321-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7749"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ep2-61mb-cbd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/647?format=json","vulnerability_id":"VCID-2nfu-kf32-myag","summary":"A use-after-free vulnerability during video control operations when a <track> element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7750.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7750.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7750","reference_id":"","reference_type":"","scores":[{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.8349","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83467","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83492","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83494","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461254","reference_id":"1461254","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461254"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15","reference_id":"mfsa2017-15","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16","reference_id":"mfsa2017-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17","reference_id":"mfsa2017-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1440","reference_id":"RHSA-2017:1440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1561","reference_id":"RHSA-2017:1561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1561"},{"reference_url":"https://usn.ubuntu.com/3315-1/","reference_id":"USN-3315-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3315-1/"},{"reference_url":"https://usn.ubuntu.com/3321-1/","reference_id":"USN-3321-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3321-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7750"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2nfu-kf32-myag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/604?format=json","vulnerability_id":"VCID-3qw2-tzj7-u3fa","summary":"A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7792.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7792.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7792","reference_id":"","reference_type":"","scores":[{"value":"0.07363","scoring_system":"epss","scoring_elements":"0.91861","published_at":"2026-06-07T12:55:00Z"},{"value":"0.07363","scoring_system":"epss","scoring_elements":"0.91851","published_at":"2026-06-04T12:55:00Z"},{"value":"0.07363","scoring_system":"epss","scoring_elements":"0.91863","published_at":"2026-06-05T12:55:00Z"},{"value":"0.07363","scoring_system":"epss","scoring_elements":"0.91865","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:C/I:C/A:C"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1479210","reference_id":"1479210","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1479210"},{"reference_url":"https://security.archlinux.org/ASA-201708-18","reference_id":"ASA-201708-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-18"},{"reference_url":"https://security.archlinux.org/ASA-201708-3","reference_id":"ASA-201708-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-3"},{"reference_url":"https://security.archlinux.org/AVG-375","reference_id":"AVG-375","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-375"},{"reference_url":"https://security.archlinux.org/AVG-385","reference_id":"AVG-385","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-385"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://security.gentoo.org/glsa/201803-14","reference_id":"GLSA-201803-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201803-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18","reference_id":"mfsa2017-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19","reference_id":"mfsa2017-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20","reference_id":"mfsa2017-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2456","reference_id":"RHSA-2017:2456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2534","reference_id":"RHSA-2017:2534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2534"},{"reference_url":"https://usn.ubuntu.com/3391-1/","reference_id":"USN-3391-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3391-1/"},{"reference_url":"https://usn.ubuntu.com/3416-1/","reference_id":"USN-3416-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3416-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7792"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3qw2-tzj7-u3fa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/595?format=json","vulnerability_id":"VCID-5a6g-h3b1-vqfy","summary":"A use-after-free vulnerability can occur while re-computing layout for a marquee element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7801.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7801.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7801","reference_id":"","reference_type":"","scores":[{"value":"0.02318","scoring_system":"epss","scoring_elements":"0.85109","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02318","scoring_system":"epss","scoring_elements":"0.85086","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02318","scoring_system":"epss","scoring_elements":"0.8511","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02318","scoring_system":"epss","scoring_elements":"0.85114","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:C/I:C/A:C"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1479223","reference_id":"1479223","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1479223"},{"reference_url":"https://security.archlinux.org/ASA-201708-18","reference_id":"ASA-201708-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-18"},{"reference_url":"https://security.archlinux.org/ASA-201708-3","reference_id":"ASA-201708-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-3"},{"reference_url":"https://security.archlinux.org/AVG-375","reference_id":"AVG-375","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-375"},{"reference_url":"https://security.archlinux.org/AVG-385","reference_id":"AVG-385","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-385"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://security.gentoo.org/glsa/201803-14","reference_id":"GLSA-201803-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201803-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18","reference_id":"mfsa2017-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19","reference_id":"mfsa2017-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20","reference_id":"mfsa2017-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2456","reference_id":"RHSA-2017:2456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2534","reference_id":"RHSA-2017:2534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2534"},{"reference_url":"https://usn.ubuntu.com/3391-1/","reference_id":"USN-3391-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3391-1/"},{"reference_url":"https://usn.ubuntu.com/3416-1/","reference_id":"USN-3416-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3416-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7801"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5a6g-h3b1-vqfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4541?format=json","vulnerability_id":"VCID-6pr4-1zfj-9ydj","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7772.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7772.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7772","reference_id":"","reference_type":"","scores":[{"value":"0.00618","scoring_system":"epss","scoring_elements":"0.70379","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00618","scoring_system":"epss","scoring_elements":"0.7037","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00618","scoring_system":"epss","scoring_elements":"0.70337","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00618","scoring_system":"epss","scoring_elements":"0.70388","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1472213","reference_id":"1472213","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1472213"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"},{"reference_url":"https://security.gentoo.org/glsa/201710-13","reference_id":"GLSA-201710-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-13"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1440","reference_id":"RHSA-2017:1440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1561","reference_id":"RHSA-2017:1561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1793","reference_id":"RHSA-2017:1793","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1793"},{"reference_url":"https://usn.ubuntu.com/3315-1/","reference_id":"USN-3315-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3315-1/"},{"reference_url":"https://usn.ubuntu.com/3321-1/","reference_id":"USN-3321-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3321-1/"},{"reference_url":"https://usn.ubuntu.com/3398-1/","reference_id":"USN-3398-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3398-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7772"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6pr4-1zfj-9ydj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/659?format=json","vulnerability_id":"VCID-6s7e-79u3-h7ed","summary":"Mozilla developers and community members Tyson Smith, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, André Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia Knous, Ronald Crane, and Nils Ohlmeier reported memory safety bugs present in Firefox 53, Firefox ESR 52.1, and Thunderbird 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5470.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5470.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5470","reference_id":"","reference_type":"","scores":[{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.8349","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83467","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83492","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83494","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461264","reference_id":"1461264","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461264"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15","reference_id":"mfsa2017-15","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16","reference_id":"mfsa2017-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17","reference_id":"mfsa2017-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1440","reference_id":"RHSA-2017:1440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1561","reference_id":"RHSA-2017:1561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1561"},{"reference_url":"https://usn.ubuntu.com/3315-1/","reference_id":"USN-3315-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3315-1/"},{"reference_url":"https://usn.ubuntu.com/3321-1/","reference_id":"USN-3321-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3321-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-5470"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6s7e-79u3-h7ed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/596?format=json","vulnerability_id":"VCID-74ur-xkr1-a7er","summary":"A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7809.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7809.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7809","reference_id":"","reference_type":"","scores":[{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.85037","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.85015","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.85038","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.85043","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7809"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:C/I:C/A:C"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1479650","reference_id":"1479650","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1479650"},{"reference_url":"https://security.archlinux.org/ASA-201708-18","reference_id":"ASA-201708-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-18"},{"reference_url":"https://security.archlinux.org/ASA-201708-3","reference_id":"ASA-201708-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-3"},{"reference_url":"https://security.archlinux.org/AVG-375","reference_id":"AVG-375","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-375"},{"reference_url":"https://security.archlinux.org/AVG-385","reference_id":"AVG-385","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-385"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://security.gentoo.org/glsa/201803-14","reference_id":"GLSA-201803-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201803-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18","reference_id":"mfsa2017-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19","reference_id":"mfsa2017-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20","reference_id":"mfsa2017-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2456","reference_id":"RHSA-2017:2456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2534","reference_id":"RHSA-2017:2534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2534"},{"reference_url":"https://usn.ubuntu.com/3391-1/","reference_id":"USN-3391-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3391-1/"},{"reference_url":"https://usn.ubuntu.com/3416-1/","reference_id":"USN-3416-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3416-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7809"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-74ur-xkr1-a7er"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/597?format=json","vulnerability_id":"VCID-883g-dbap-u7aw","summary":"A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7784.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7784.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7784","reference_id":"","reference_type":"","scores":[{"value":"0.05217","scoring_system":"epss","scoring_elements":"0.90125","published_at":"2026-06-07T12:55:00Z"},{"value":"0.05217","scoring_system":"epss","scoring_elements":"0.90112","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05217","scoring_system":"epss","scoring_elements":"0.90128","published_at":"2026-06-05T12:55:00Z"},{"value":"0.05217","scoring_system":"epss","scoring_elements":"0.90127","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:C/I:C/A:C"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1479201","reference_id":"1479201","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1479201"},{"reference_url":"https://security.archlinux.org/ASA-201708-18","reference_id":"ASA-201708-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-18"},{"reference_url":"https://security.archlinux.org/ASA-201708-3","reference_id":"ASA-201708-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-3"},{"reference_url":"https://security.archlinux.org/AVG-375","reference_id":"AVG-375","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-375"},{"reference_url":"https://security.archlinux.org/AVG-385","reference_id":"AVG-385","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-385"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://security.gentoo.org/glsa/201803-14","reference_id":"GLSA-201803-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201803-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18","reference_id":"mfsa2017-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19","reference_id":"mfsa2017-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20","reference_id":"mfsa2017-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2456","reference_id":"RHSA-2017:2456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2534","reference_id":"RHSA-2017:2534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2534"},{"reference_url":"https://usn.ubuntu.com/3391-1/","reference_id":"USN-3391-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3391-1/"},{"reference_url":"https://usn.ubuntu.com/3416-1/","reference_id":"USN-3416-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3416-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7784"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-883g-dbap-u7aw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4537?format=json","vulnerability_id":"VCID-8hfq-xxg6-tue8","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7776.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7776.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7776","reference_id":"","reference_type":"","scores":[{"value":"0.00618","scoring_system":"epss","scoring_elements":"0.70379","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00618","scoring_system":"epss","scoring_elements":"0.7037","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00618","scoring_system":"epss","scoring_elements":"0.70337","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00618","scoring_system":"epss","scoring_elements":"0.70388","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1472223","reference_id":"1472223","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1472223"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"},{"reference_url":"https://security.gentoo.org/glsa/201710-13","reference_id":"GLSA-201710-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-13"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1440","reference_id":"RHSA-2017:1440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1561","reference_id":"RHSA-2017:1561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1793","reference_id":"RHSA-2017:1793","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1793"},{"reference_url":"https://usn.ubuntu.com/3315-1/","reference_id":"USN-3315-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3315-1/"},{"reference_url":"https://usn.ubuntu.com/3321-1/","reference_id":"USN-3321-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3321-1/"},{"reference_url":"https://usn.ubuntu.com/3398-1/","reference_id":"USN-3398-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3398-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7776"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8hfq-xxg6-tue8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4542?format=json","vulnerability_id":"VCID-abde-jm4w-5yde","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7771.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7771.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7771","reference_id":"","reference_type":"","scores":[{"value":"0.00538","scoring_system":"epss","scoring_elements":"0.67925","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00538","scoring_system":"epss","scoring_elements":"0.67922","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00538","scoring_system":"epss","scoring_elements":"0.67885","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00538","scoring_system":"epss","scoring_elements":"0.67932","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1472212","reference_id":"1472212","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1472212"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"},{"reference_url":"https://security.gentoo.org/glsa/201710-13","reference_id":"GLSA-201710-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-13"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1440","reference_id":"RHSA-2017:1440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1561","reference_id":"RHSA-2017:1561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1793","reference_id":"RHSA-2017:1793","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1793"},{"reference_url":"https://usn.ubuntu.com/3315-1/","reference_id":"USN-3315-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3315-1/"},{"reference_url":"https://usn.ubuntu.com/3321-1/","reference_id":"USN-3321-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3321-1/"},{"reference_url":"https://usn.ubuntu.com/3398-1/","reference_id":"USN-3398-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3398-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7771"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-abde-jm4w-5yde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/601?format=json","vulnerability_id":"VCID-azwt-6846-1kgm","summary":"An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7753.json","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7753.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7753","reference_id":"","reference_type":"","scores":[{"value":"0.01721","scoring_system":"epss","scoring_elements":"0.82766","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01721","scoring_system":"epss","scoring_elements":"0.82744","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01721","scoring_system":"epss","scoring_elements":"0.82769","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01721","scoring_system":"epss","scoring_elements":"0.82768","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:C"},{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1479188","reference_id":"1479188","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1479188"},{"reference_url":"https://security.archlinux.org/ASA-201708-18","reference_id":"ASA-201708-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-18"},{"reference_url":"https://security.archlinux.org/ASA-201708-3","reference_id":"ASA-201708-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-3"},{"reference_url":"https://security.archlinux.org/AVG-375","reference_id":"AVG-375","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-375"},{"reference_url":"https://security.archlinux.org/AVG-385","reference_id":"AVG-385","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-385"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://security.gentoo.org/glsa/201803-14","reference_id":"GLSA-201803-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201803-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18","reference_id":"mfsa2017-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19","reference_id":"mfsa2017-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20","reference_id":"mfsa2017-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2456","reference_id":"RHSA-2017:2456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2534","reference_id":"RHSA-2017:2534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2534"},{"reference_url":"https://usn.ubuntu.com/3391-1/","reference_id":"USN-3391-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3391-1/"},{"reference_url":"https://usn.ubuntu.com/3416-1/","reference_id":"USN-3416-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3416-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7753"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-azwt-6846-1kgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/645?format=json","vulnerability_id":"VCID-bxpd-zacn-8bfv","summary":"A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5472.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5472.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5472","reference_id":"","reference_type":"","scores":[{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.8349","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83467","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83492","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83494","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461252","reference_id":"1461252","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461252"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15","reference_id":"mfsa2017-15","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16","reference_id":"mfsa2017-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17","reference_id":"mfsa2017-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1440","reference_id":"RHSA-2017:1440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1561","reference_id":"RHSA-2017:1561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1561"},{"reference_url":"https://usn.ubuntu.com/3315-1/","reference_id":"USN-3315-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3315-1/"},{"reference_url":"https://usn.ubuntu.com/3321-1/","reference_id":"USN-3321-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3321-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-5472"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bxpd-zacn-8bfv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/598?format=json","vulnerability_id":"VCID-f9cy-h7kt-zudr","summary":"A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7802.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7802.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7802","reference_id":"","reference_type":"","scores":[{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.85037","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.85015","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.85038","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02292","scoring_system":"epss","scoring_elements":"0.85043","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:C/I:C/A:C"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1479224","reference_id":"1479224","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1479224"},{"reference_url":"https://security.archlinux.org/ASA-201708-18","reference_id":"ASA-201708-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-18"},{"reference_url":"https://security.archlinux.org/ASA-201708-3","reference_id":"ASA-201708-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-3"},{"reference_url":"https://security.archlinux.org/AVG-375","reference_id":"AVG-375","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-375"},{"reference_url":"https://security.archlinux.org/AVG-385","reference_id":"AVG-385","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-385"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://security.gentoo.org/glsa/201803-14","reference_id":"GLSA-201803-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201803-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18","reference_id":"mfsa2017-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19","reference_id":"mfsa2017-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20","reference_id":"mfsa2017-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2456","reference_id":"RHSA-2017:2456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2534","reference_id":"RHSA-2017:2534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2534"},{"reference_url":"https://usn.ubuntu.com/3391-1/","reference_id":"USN-3391-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3391-1/"},{"reference_url":"https://usn.ubuntu.com/3416-1/","reference_id":"USN-3416-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3416-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7802"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f9cy-h7kt-zudr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/608?format=json","vulnerability_id":"VCID-fznu-jdyc-47hv","summary":"When a page’s content security policy (CSP) header contains a sandbox directive, other directives are ignored. This results in the incorrect enforcement of CSP.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7803.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7803.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7803","reference_id":"","reference_type":"","scores":[{"value":"0.01098","scoring_system":"epss","scoring_elements":"0.78383","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01098","scoring_system":"epss","scoring_elements":"0.78358","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01098","scoring_system":"epss","scoring_elements":"0.78385","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01098","scoring_system":"epss","scoring_elements":"0.78393","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:C/I:C/A:C"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1479225","reference_id":"1479225","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1479225"},{"reference_url":"https://security.archlinux.org/ASA-201708-18","reference_id":"ASA-201708-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-18"},{"reference_url":"https://security.archlinux.org/ASA-201708-3","reference_id":"ASA-201708-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-3"},{"reference_url":"https://security.archlinux.org/AVG-375","reference_id":"AVG-375","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-375"},{"reference_url":"https://security.archlinux.org/AVG-385","reference_id":"AVG-385","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-385"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://security.gentoo.org/glsa/201803-14","reference_id":"GLSA-201803-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201803-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18","reference_id":"mfsa2017-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19","reference_id":"mfsa2017-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20","reference_id":"mfsa2017-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2456","reference_id":"RHSA-2017:2456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2534","reference_id":"RHSA-2017:2534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2534"},{"reference_url":"https://usn.ubuntu.com/3391-1/","reference_id":"USN-3391-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3391-1/"},{"reference_url":"https://usn.ubuntu.com/3416-1/","reference_id":"USN-3416-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3416-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7803"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fznu-jdyc-47hv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/600?format=json","vulnerability_id":"VCID-gcyv-192g-3ygq","summary":"A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7786.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7786.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7786","reference_id":"","reference_type":"","scores":[{"value":"0.0852","scoring_system":"epss","scoring_elements":"0.92527","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0852","scoring_system":"epss","scoring_elements":"0.92523","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0852","scoring_system":"epss","scoring_elements":"0.92536","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0852","scoring_system":"epss","scoring_elements":"0.92531","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:C/I:C/A:C"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1479205","reference_id":"1479205","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1479205"},{"reference_url":"https://security.archlinux.org/ASA-201708-18","reference_id":"ASA-201708-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-18"},{"reference_url":"https://security.archlinux.org/ASA-201708-3","reference_id":"ASA-201708-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-3"},{"reference_url":"https://security.archlinux.org/AVG-375","reference_id":"AVG-375","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-375"},{"reference_url":"https://security.archlinux.org/AVG-385","reference_id":"AVG-385","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-385"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://security.gentoo.org/glsa/201803-14","reference_id":"GLSA-201803-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201803-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18","reference_id":"mfsa2017-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19","reference_id":"mfsa2017-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20","reference_id":"mfsa2017-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2456","reference_id":"RHSA-2017:2456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2534","reference_id":"RHSA-2017:2534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2534"},{"reference_url":"https://usn.ubuntu.com/3391-1/","reference_id":"USN-3391-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3391-1/"},{"reference_url":"https://usn.ubuntu.com/3416-1/","reference_id":"USN-3416-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3416-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7786"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gcyv-192g-3ygq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/609?format=json","vulnerability_id":"VCID-k458-ek4h-4kht","summary":"Mozilla developers and community members Masayuki Nakano, Gary Kwong, Ronald Crane, Andrew McCreight, Tyson Smith, Bevis Tseng, Christian Holler, Bryce Van Dyk, Dragana Damjanovic, Kartikaya Gupta, Philipp, Tristan Bourvon, and Andi-Bogdan Postelnicu reported memory safety bugs present in Firefox 54 and Firefox ESR 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7779.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7779.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7779","reference_id":"","reference_type":"","scores":[{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78444","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78419","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78446","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01104","scoring_system":"epss","scoring_elements":"0.78455","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:C/I:C/A:C"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1479191","reference_id":"1479191","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1479191"},{"reference_url":"https://security.archlinux.org/ASA-201708-18","reference_id":"ASA-201708-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-18"},{"reference_url":"https://security.archlinux.org/ASA-201708-3","reference_id":"ASA-201708-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-3"},{"reference_url":"https://security.archlinux.org/AVG-375","reference_id":"AVG-375","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-375"},{"reference_url":"https://security.archlinux.org/AVG-385","reference_id":"AVG-385","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-385"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://security.gentoo.org/glsa/201803-14","reference_id":"GLSA-201803-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201803-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18","reference_id":"mfsa2017-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19","reference_id":"mfsa2017-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20","reference_id":"mfsa2017-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2456","reference_id":"RHSA-2017:2456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2534","reference_id":"RHSA-2017:2534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2534"},{"reference_url":"https://usn.ubuntu.com/3391-1/","reference_id":"USN-3391-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3391-1/"},{"reference_url":"https://usn.ubuntu.com/3416-1/","reference_id":"USN-3416-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3416-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7779"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k458-ek4h-4kht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/606?format=json","vulnerability_id":"VCID-md7v-but8-7qdz","summary":"On pages containing an iframe, the data: protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7791.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7791.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7791","reference_id":"","reference_type":"","scores":[{"value":"0.01355","scoring_system":"epss","scoring_elements":"0.80479","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01355","scoring_system":"epss","scoring_elements":"0.80454","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01355","scoring_system":"epss","scoring_elements":"0.80481","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01355","scoring_system":"epss","scoring_elements":"0.80483","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:C/I:C/A:N"},{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1479209","reference_id":"1479209","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1479209"},{"reference_url":"https://security.archlinux.org/ASA-201708-18","reference_id":"ASA-201708-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-18"},{"reference_url":"https://security.archlinux.org/ASA-201708-3","reference_id":"ASA-201708-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-3"},{"reference_url":"https://security.archlinux.org/AVG-375","reference_id":"AVG-375","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-375"},{"reference_url":"https://security.archlinux.org/AVG-385","reference_id":"AVG-385","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-385"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://security.gentoo.org/glsa/201803-14","reference_id":"GLSA-201803-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201803-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18","reference_id":"mfsa2017-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19","reference_id":"mfsa2017-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20","reference_id":"mfsa2017-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2456","reference_id":"RHSA-2017:2456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2534","reference_id":"RHSA-2017:2534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2534"},{"reference_url":"https://usn.ubuntu.com/3391-1/","reference_id":"USN-3391-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3391-1/"},{"reference_url":"https://usn.ubuntu.com/3416-1/","reference_id":"USN-3416-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3416-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7791"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-md7v-but8-7qdz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4536?format=json","vulnerability_id":"VCID-njra-xv9f-ffck","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7777.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7777.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7777","reference_id":"","reference_type":"","scores":[{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.66177","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.66171","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.66125","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.66186","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1472225","reference_id":"1472225","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1472225"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"},{"reference_url":"https://security.gentoo.org/glsa/201710-13","reference_id":"GLSA-201710-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-13"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1440","reference_id":"RHSA-2017:1440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1561","reference_id":"RHSA-2017:1561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1793","reference_id":"RHSA-2017:1793","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1793"},{"reference_url":"https://usn.ubuntu.com/3315-1/","reference_id":"USN-3315-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3315-1/"},{"reference_url":"https://usn.ubuntu.com/3321-1/","reference_id":"USN-3321-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3321-1/"},{"reference_url":"https://usn.ubuntu.com/3398-1/","reference_id":"USN-3398-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3398-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7777"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-njra-xv9f-ffck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/594?format=json","vulnerability_id":"VCID-p1ry-j666-3qhy","summary":"A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7800.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7800.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7800","reference_id":"","reference_type":"","scores":[{"value":"0.04285","scoring_system":"epss","scoring_elements":"0.89056","published_at":"2026-06-07T12:55:00Z"},{"value":"0.04285","scoring_system":"epss","scoring_elements":"0.89037","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04285","scoring_system":"epss","scoring_elements":"0.89054","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:C/I:C/A:C"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1479218","reference_id":"1479218","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1479218"},{"reference_url":"https://security.archlinux.org/ASA-201708-18","reference_id":"ASA-201708-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-18"},{"reference_url":"https://security.archlinux.org/ASA-201708-3","reference_id":"ASA-201708-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-3"},{"reference_url":"https://security.archlinux.org/AVG-375","reference_id":"AVG-375","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-375"},{"reference_url":"https://security.archlinux.org/AVG-385","reference_id":"AVG-385","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-385"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://security.gentoo.org/glsa/201803-14","reference_id":"GLSA-201803-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201803-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18","reference_id":"mfsa2017-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19","reference_id":"mfsa2017-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20","reference_id":"mfsa2017-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2456","reference_id":"RHSA-2017:2456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2534","reference_id":"RHSA-2017:2534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2534"},{"reference_url":"https://usn.ubuntu.com/3391-1/","reference_id":"USN-3391-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3391-1/"},{"reference_url":"https://usn.ubuntu.com/3416-1/","reference_id":"USN-3416-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3416-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7800"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p1ry-j666-3qhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4539?format=json","vulnerability_id":"VCID-ppw9-56ha-2bhm","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7774.json","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7774.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7774","reference_id":"","reference_type":"","scores":[{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.6873","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68729","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.6869","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68737","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1472219","reference_id":"1472219","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1472219"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"},{"reference_url":"https://security.gentoo.org/glsa/201710-13","reference_id":"GLSA-201710-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-13"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1440","reference_id":"RHSA-2017:1440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1561","reference_id":"RHSA-2017:1561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1793","reference_id":"RHSA-2017:1793","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1793"},{"reference_url":"https://usn.ubuntu.com/3315-1/","reference_id":"USN-3315-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3315-1/"},{"reference_url":"https://usn.ubuntu.com/3321-1/","reference_id":"USN-3321-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3321-1/"},{"reference_url":"https://usn.ubuntu.com/3398-1/","reference_id":"USN-3398-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3398-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7774"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ppw9-56ha-2bhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/648?format=json","vulnerability_id":"VCID-s4se-eex7-h7a6","summary":"A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7751.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7751.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7751","reference_id":"","reference_type":"","scores":[{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.8349","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83467","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83492","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83494","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461255","reference_id":"1461255","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461255"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15","reference_id":"mfsa2017-15","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16","reference_id":"mfsa2017-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17","reference_id":"mfsa2017-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1440","reference_id":"RHSA-2017:1440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1561","reference_id":"RHSA-2017:1561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1561"},{"reference_url":"https://usn.ubuntu.com/3315-1/","reference_id":"USN-3315-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3315-1/"},{"reference_url":"https://usn.ubuntu.com/3321-1/","reference_id":"USN-3321-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3321-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7751"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s4se-eex7-h7a6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/657?format=json","vulnerability_id":"VCID-s8cd-xy2t-vyem","summary":"Characters from the \"Canadian Syllabics\" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw \"punycode\" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from \"Aspirational Use Scripts\" such as Canadian Syllabics to be mixed with Latin characters in the \"moderately restrictive\" IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as \"Limited Use Scripts.\"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7764.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7764.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7764","reference_id":"","reference_type":"","scores":[{"value":"0.01035","scoring_system":"epss","scoring_elements":"0.77743","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01035","scoring_system":"epss","scoring_elements":"0.77719","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01035","scoring_system":"epss","scoring_elements":"0.77746","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01035","scoring_system":"epss","scoring_elements":"0.77753","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:N/A:P"},{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461262","reference_id":"1461262","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461262"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15","reference_id":"mfsa2017-15","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16","reference_id":"mfsa2017-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17","reference_id":"mfsa2017-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1440","reference_id":"RHSA-2017:1440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1561","reference_id":"RHSA-2017:1561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1561"},{"reference_url":"https://usn.ubuntu.com/3315-1/","reference_id":"USN-3315-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3315-1/"},{"reference_url":"https://usn.ubuntu.com/3321-1/","reference_id":"USN-3321-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3321-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7764"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s8cd-xy2t-vyem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/651?format=json","vulnerability_id":"VCID-u7r9-ukbq-mkb4","summary":"An out-of-bounds read in WebGL with a maliciously crafted ImageInfo object during WebGL operations.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7754.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7754.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7754","reference_id":"","reference_type":"","scores":[{"value":"0.01409","scoring_system":"epss","scoring_elements":"0.80867","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01409","scoring_system":"epss","scoring_elements":"0.8084","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01409","scoring_system":"epss","scoring_elements":"0.80868","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01409","scoring_system":"epss","scoring_elements":"0.8087","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461257","reference_id":"1461257","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461257"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15","reference_id":"mfsa2017-15","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16","reference_id":"mfsa2017-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17","reference_id":"mfsa2017-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1440","reference_id":"RHSA-2017:1440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1561","reference_id":"RHSA-2017:1561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1561"},{"reference_url":"https://usn.ubuntu.com/3315-1/","reference_id":"USN-3315-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3315-1/"},{"reference_url":"https://usn.ubuntu.com/3321-1/","reference_id":"USN-3321-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3321-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7754"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u7r9-ukbq-mkb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/652?format=json","vulnerability_id":"VCID-uaga-tye9-gqg1","summary":"A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7756.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7756.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7756","reference_id":"","reference_type":"","scores":[{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.8349","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83467","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83492","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83494","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461258","reference_id":"1461258","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461258"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15","reference_id":"mfsa2017-15","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16","reference_id":"mfsa2017-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17","reference_id":"mfsa2017-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1440","reference_id":"RHSA-2017:1440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1561","reference_id":"RHSA-2017:1561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1561"},{"reference_url":"https://usn.ubuntu.com/3315-1/","reference_id":"USN-3315-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3315-1/"},{"reference_url":"https://usn.ubuntu.com/3321-1/","reference_id":"USN-3321-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3321-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7756"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uaga-tye9-gqg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/654?format=json","vulnerability_id":"VCID-uh5h-t12y-h3b1","summary":"A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7778.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7778.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7778","reference_id":"","reference_type":"","scores":[{"value":"0.01434","scoring_system":"epss","scoring_elements":"0.81057","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01434","scoring_system":"epss","scoring_elements":"0.81029","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01434","scoring_system":"epss","scoring_elements":"0.81058","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01434","scoring_system":"epss","scoring_elements":"0.81061","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7778"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461260","reference_id":"1461260","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461260"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"},{"reference_url":"https://security.gentoo.org/glsa/201710-13","reference_id":"GLSA-201710-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-13"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15","reference_id":"mfsa2017-15","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16","reference_id":"mfsa2017-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17","reference_id":"mfsa2017-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1440","reference_id":"RHSA-2017:1440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1561","reference_id":"RHSA-2017:1561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1793","reference_id":"RHSA-2017:1793","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1793"},{"reference_url":"https://usn.ubuntu.com/3315-1/","reference_id":"USN-3315-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3315-1/"},{"reference_url":"https://usn.ubuntu.com/3321-1/","reference_id":"USN-3321-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3321-1/"},{"reference_url":"https://usn.ubuntu.com/3398-1/","reference_id":"USN-3398-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3398-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7778"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uh5h-t12y-h3b1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/603?format=json","vulnerability_id":"VCID-uww5-29jb-n3gc","summary":"A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7807.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7807.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7807","reference_id":"","reference_type":"","scores":[{"value":"0.00778","scoring_system":"epss","scoring_elements":"0.7404","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00778","scoring_system":"epss","scoring_elements":"0.74016","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00778","scoring_system":"epss","scoring_elements":"0.74049","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00778","scoring_system":"epss","scoring_elements":"0.74054","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1479227","reference_id":"1479227","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1479227"},{"reference_url":"https://security.archlinux.org/ASA-201708-18","reference_id":"ASA-201708-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-18"},{"reference_url":"https://security.archlinux.org/ASA-201708-3","reference_id":"ASA-201708-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-3"},{"reference_url":"https://security.archlinux.org/AVG-375","reference_id":"AVG-375","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-375"},{"reference_url":"https://security.archlinux.org/AVG-385","reference_id":"AVG-385","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-385"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://security.gentoo.org/glsa/201803-14","reference_id":"GLSA-201803-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201803-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18","reference_id":"mfsa2017-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19","reference_id":"mfsa2017-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20","reference_id":"mfsa2017-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2456","reference_id":"RHSA-2017:2456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2534","reference_id":"RHSA-2017:2534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2534"},{"reference_url":"https://usn.ubuntu.com/3391-1/","reference_id":"USN-3391-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3391-1/"},{"reference_url":"https://usn.ubuntu.com/3416-1/","reference_id":"USN-3416-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3416-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7807"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uww5-29jb-n3gc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/655?format=json","vulnerability_id":"VCID-wxca-7hua-tubu","summary":"An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7758.json","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7758.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7758","reference_id":"","reference_type":"","scores":[{"value":"0.01684","scoring_system":"epss","scoring_elements":"0.8257","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01684","scoring_system":"epss","scoring_elements":"0.82545","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01684","scoring_system":"epss","scoring_elements":"0.82572","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461261","reference_id":"1461261","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461261"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15","reference_id":"mfsa2017-15","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16","reference_id":"mfsa2017-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-16"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17","reference_id":"mfsa2017-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1440","reference_id":"RHSA-2017:1440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1561","reference_id":"RHSA-2017:1561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1561"},{"reference_url":"https://usn.ubuntu.com/3315-1/","reference_id":"USN-3315-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3315-1/"},{"reference_url":"https://usn.ubuntu.com/3321-1/","reference_id":"USN-3321-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3321-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7758"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wxca-7hua-tubu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/599?format=json","vulnerability_id":"VCID-x2hg-g7n3-8qbw","summary":"A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7785.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7785.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7785","reference_id":"","reference_type":"","scores":[{"value":"0.08433","scoring_system":"epss","scoring_elements":"0.92488","published_at":"2026-06-07T12:55:00Z"},{"value":"0.08433","scoring_system":"epss","scoring_elements":"0.92484","published_at":"2026-06-04T12:55:00Z"},{"value":"0.08433","scoring_system":"epss","scoring_elements":"0.92497","published_at":"2026-06-05T12:55:00Z"},{"value":"0.08433","scoring_system":"epss","scoring_elements":"0.92492","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7753"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7784"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7809"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:C/I:C/A:C"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1479203","reference_id":"1479203","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1479203"},{"reference_url":"https://security.archlinux.org/ASA-201708-18","reference_id":"ASA-201708-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-18"},{"reference_url":"https://security.archlinux.org/ASA-201708-3","reference_id":"ASA-201708-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-3"},{"reference_url":"https://security.archlinux.org/AVG-375","reference_id":"AVG-375","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-375"},{"reference_url":"https://security.archlinux.org/AVG-385","reference_id":"AVG-385","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-385"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://security.gentoo.org/glsa/201803-14","reference_id":"GLSA-201803-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201803-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18","reference_id":"mfsa2017-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19","reference_id":"mfsa2017-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-19"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20","reference_id":"mfsa2017-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2456","reference_id":"RHSA-2017:2456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2534","reference_id":"RHSA-2017:2534","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2534"},{"reference_url":"https://usn.ubuntu.com/3391-1/","reference_id":"USN-3391-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3391-1/"},{"reference_url":"https://usn.ubuntu.com/3416-1/","reference_id":"USN-3416-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3416-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7785"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x2hg-g7n3-8qbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4540?format=json","vulnerability_id":"VCID-zakg-k4hk-fyhm","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7773.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7773.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7773","reference_id":"","reference_type":"","scores":[{"value":"0.00618","scoring_system":"epss","scoring_elements":"0.70379","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00618","scoring_system":"epss","scoring_elements":"0.7037","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00618","scoring_system":"epss","scoring_elements":"0.70337","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00618","scoring_system":"epss","scoring_elements":"0.70388","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7750"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7752"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7756"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7758"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7771"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7772"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7773"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7778"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1472215","reference_id":"1472215","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1472215"},{"reference_url":"https://security.archlinux.org/ASA-201706-19","reference_id":"ASA-201706-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-19"},{"reference_url":"https://security.archlinux.org/ASA-201706-20","reference_id":"ASA-201706-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-20"},{"reference_url":"https://security.archlinux.org/AVG-302","reference_id":"AVG-302","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-302"},{"reference_url":"https://security.archlinux.org/AVG-303","reference_id":"AVG-303","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-303"},{"reference_url":"https://security.gentoo.org/glsa/201710-13","reference_id":"GLSA-201710-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-13"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1440","reference_id":"RHSA-2017:1440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1561","reference_id":"RHSA-2017:1561","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1561"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1793","reference_id":"RHSA-2017:1793","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1793"},{"reference_url":"https://usn.ubuntu.com/3315-1/","reference_id":"USN-3315-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3315-1/"},{"reference_url":"https://usn.ubuntu.com/3321-1/","reference_id":"USN-3321-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3321-1/"},{"reference_url":"https://usn.ubuntu.com/3398-1/","reference_id":"USN-3398-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3398-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4284?format=json","purl":"pkg:deb/debian/icedove@1:52.3.0-4~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:52.3.0-4~deb8u2"}],"aliases":["CVE-2017-7773"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zakg-k4hk-fyhm"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/546?format=json","vulnerability_id":"VCID-11uz-v7pw-v7hw","summary":"URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5383.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5383.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5383","reference_id":"","reference_type":"","scores":[{"value":"0.01986","scoring_system":"epss","scoring_elements":"0.83934","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01986","scoring_system":"epss","scoring_elements":"0.83913","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01986","scoring_system":"epss","scoring_elements":"0.83936","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01986","scoring_system":"epss","scoring_elements":"0.83939","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416281","reference_id":"1416281","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416281"},{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/ASA-201701-40","reference_id":"ASA-201701-40","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-40"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://security.archlinux.org/AVG-158","reference_id":"AVG-158","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-158"},{"reference_url":"https://security.gentoo.org/glsa/201702-13","reference_id":"GLSA-201702-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201702-13"},{"reference_url":"https://security.gentoo.org/glsa/201702-22","reference_id":"GLSA-201702-22","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201702-22"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02","reference_id":"mfsa2017-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03","reference_id":"mfsa2017-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0190","reference_id":"RHSA-2017:0190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0190"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0238","reference_id":"RHSA-2017:0238","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0238"},{"reference_url":"https://usn.ubuntu.com/3165-1/","reference_id":"USN-3165-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3165-1/"},{"reference_url":"https://usn.ubuntu.com/3175-1/","reference_id":"USN-3175-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3175-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5383"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-11uz-v7pw-v7hw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1935?format=json","vulnerability_id":"VCID-1bx2-4ka7-w3cr","summary":"The CESG, the Information Security Arm of GCHQ, reported a dangling\npointer dereference within the Netscape Plugin Application Programming Interface (NPAPI)\nthat could lead to the NPAPI subsystem crashing. This issue requires a maliciously crafted\nNPAPI plugin in concert with scripted web content, resulting in a potentially exploitable\ncrash when triggered.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1966.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1966.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1966","reference_id":"","reference_type":"","scores":[{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74356","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74389","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74394","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74381","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1966"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315778","reference_id":"1315778","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315778"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966","reference_id":"CVE-2016-1966","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-31","reference_id":"mfsa2016-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-31"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"},{"reference_url":"https://usn.ubuntu.com/2917-1/","reference_id":"USN-2917-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2917-1/"},{"reference_url":"https://usn.ubuntu.com/2934-1/","reference_id":"USN-2934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2934-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1966"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1bx2-4ka7-w3cr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/232?format=json","vulnerability_id":"VCID-1es7-pnwd-pfdw","summary":"A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9066.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9066.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9066","reference_id":"","reference_type":"","scores":[{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95702","published_at":"2026-06-07T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95691","published_at":"2026-06-04T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95696","published_at":"2026-06-05T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.957","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395061","reference_id":"1395061","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395061"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93","reference_id":"mfsa2016-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2780","reference_id":"RHSA-2016:2780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2780"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"},{"reference_url":"https://usn.ubuntu.com/3141-1/","reference_id":"USN-3141-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3141-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-9066"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1es7-pnwd-pfdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/217?format=json","vulnerability_id":"VCID-2dx6-ehwy-xubu","summary":"Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9899.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9899.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9899","reference_id":"","reference_type":"","scores":[{"value":"0.36421","scoring_system":"epss","scoring_elements":"0.97213","published_at":"2026-06-07T12:55:00Z"},{"value":"0.36421","scoring_system":"epss","scoring_elements":"0.97205","published_at":"2026-06-04T12:55:00Z"},{"value":"0.36421","scoring_system":"epss","scoring_elements":"0.9721","published_at":"2026-06-05T12:55:00Z"},{"value":"0.36421","scoring_system":"epss","scoring_elements":"0.97212","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404083","reference_id":"1404083","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404083"},{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/41042.html","reference_id":"CVE-2016-9899","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/41042.html"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96","reference_id":"mfsa2016-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2946","reference_id":"RHSA-2016:2946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2973","reference_id":"RHSA-2016:2973","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2973"},{"reference_url":"https://usn.ubuntu.com/3155-1/","reference_id":"USN-3155-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3155-1/"},{"reference_url":"https://usn.ubuntu.com/3165-1/","reference_id":"USN-3165-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3165-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-9899"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2dx6-ehwy-xubu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/540?format=json","vulnerability_id":"VCID-3am9-1vdf-27gt","summary":"JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5375.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5375.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5375","reference_id":"","reference_type":"","scores":[{"value":"0.58393","scoring_system":"epss","scoring_elements":"0.98236","published_at":"2026-06-07T12:55:00Z"},{"value":"0.58393","scoring_system":"epss","scoring_elements":"0.98233","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416271","reference_id":"1416271","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416271"},{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/ASA-201701-40","reference_id":"ASA-201701-40","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-40"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://security.archlinux.org/AVG-158","reference_id":"AVG-158","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-158"},{"reference_url":"https://security.gentoo.org/glsa/201702-13","reference_id":"GLSA-201702-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201702-13"},{"reference_url":"https://security.gentoo.org/glsa/201702-22","reference_id":"GLSA-201702-22","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201702-22"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02","reference_id":"mfsa2017-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03","reference_id":"mfsa2017-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0190","reference_id":"RHSA-2017:0190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0190"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0238","reference_id":"RHSA-2017:0238","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0238"},{"reference_url":"https://usn.ubuntu.com/3165-1/","reference_id":"USN-3165-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3165-1/"},{"reference_url":"https://usn.ubuntu.com/3175-1/","reference_id":"USN-3175-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3175-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5375"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3am9-1vdf-27gt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1905?format=json","vulnerability_id":"VCID-3uny-z4bs-9bfk","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2791.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2791.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2791","reference_id":"","reference_type":"","scores":[{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68793","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68833","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68841","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2791"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795","reference_id":"1315795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791","reference_id":"CVE-2016-2791","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-63","reference_id":"GLSA-201701-63","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-63"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"},{"reference_url":"https://usn.ubuntu.com/2917-1/","reference_id":"USN-2917-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2917-1/"},{"reference_url":"https://usn.ubuntu.com/2927-1/","reference_id":"USN-2927-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2927-1/"},{"reference_url":"https://usn.ubuntu.com/2934-1/","reference_id":"USN-2934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2934-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2791"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3uny-z4bs-9bfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/541?format=json","vulnerability_id":"VCID-442s-jgvp-gfav","summary":"Use-after-free while manipulating XSL in XSLT documents","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5376.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5376.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5376","reference_id":"","reference_type":"","scores":[{"value":"0.01823","scoring_system":"epss","scoring_elements":"0.83246","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01823","scoring_system":"epss","scoring_elements":"0.83223","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01823","scoring_system":"epss","scoring_elements":"0.83249","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01823","scoring_system":"epss","scoring_elements":"0.8325","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416272","reference_id":"1416272","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416272"},{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/ASA-201701-40","reference_id":"ASA-201701-40","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-40"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://security.archlinux.org/AVG-158","reference_id":"AVG-158","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-158"},{"reference_url":"https://security.gentoo.org/glsa/201702-13","reference_id":"GLSA-201702-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201702-13"},{"reference_url":"https://security.gentoo.org/glsa/201702-22","reference_id":"GLSA-201702-22","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201702-22"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02","reference_id":"mfsa2017-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03","reference_id":"mfsa2017-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0190","reference_id":"RHSA-2017:0190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0190"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0238","reference_id":"RHSA-2017:0238","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0238"},{"reference_url":"https://usn.ubuntu.com/3165-1/","reference_id":"USN-3165-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3165-1/"},{"reference_url":"https://usn.ubuntu.com/3175-1/","reference_id":"USN-3175-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3175-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5376"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-442s-jgvp-gfav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218?format=json","vulnerability_id":"VCID-4cyw-yxhd-77af","summary":"Event handlers on marquee elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9895.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9895.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9895","reference_id":"","reference_type":"","scores":[{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72618","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72589","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72629","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00709","scoring_system":"epss","scoring_elements":"0.72636","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404086","reference_id":"1404086","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404086"},{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96","reference_id":"mfsa2016-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2946","reference_id":"RHSA-2016:2946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2973","reference_id":"RHSA-2016:2973","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2973"},{"reference_url":"https://usn.ubuntu.com/3155-1/","reference_id":"USN-3155-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3155-1/"},{"reference_url":"https://usn.ubuntu.com/3165-1/","reference_id":"USN-3165-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3165-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-9895"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4cyw-yxhd-77af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/228?format=json","vulnerability_id":"VCID-4eg8-dc82-fqd6","summary":"Mozilla developers and community members Jan de Mooij, Iris Hsiao, Christian Holler, Carsten Book, Timothy Nikkel, Christoph Diehl, Olli Pettay, Raymond Forbes, Boris Zbarsky, and Marco Castelluccio reported memory safety bugs present in Firefox 50.0.2 and Firefox ESR 45.5.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9893.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9893.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9893","reference_id":"","reference_type":"","scores":[{"value":"0.02683","scoring_system":"epss","scoring_elements":"0.86151","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02683","scoring_system":"epss","scoring_elements":"0.86127","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02683","scoring_system":"epss","scoring_elements":"0.86148","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404096","reference_id":"1404096","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404096"},{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96","reference_id":"mfsa2016-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2946","reference_id":"RHSA-2016:2946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2973","reference_id":"RHSA-2016:2973","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2973"},{"reference_url":"https://usn.ubuntu.com/3155-1/","reference_id":"USN-3155-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3155-1/"},{"reference_url":"https://usn.ubuntu.com/3165-1/","reference_id":"USN-3165-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3165-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-9893"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4eg8-dc82-fqd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/522?format=json","vulnerability_id":"VCID-4gky-p4gv-u7cw","summary":"Video files loaded video captions cross-origin without checking for the presence of  CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5408.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5408.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5408","reference_id":"","reference_type":"","scores":[{"value":"0.01068","scoring_system":"epss","scoring_elements":"0.78088","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01068","scoring_system":"epss","scoring_elements":"0.78063","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01068","scoring_system":"epss","scoring_elements":"0.7809","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01068","scoring_system":"epss","scoring_elements":"0.78097","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1429784","reference_id":"1429784","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1429784"},{"reference_url":"https://security.archlinux.org/ASA-201703-2","reference_id":"ASA-201703-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-2"},{"reference_url":"https://security.archlinux.org/ASA-201703-3","reference_id":"ASA-201703-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-3"},{"reference_url":"https://security.archlinux.org/AVG-193","reference_id":"AVG-193","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-193"},{"reference_url":"https://security.archlinux.org/AVG-194","reference_id":"AVG-194","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-194"},{"reference_url":"https://security.gentoo.org/glsa/201705-06","reference_id":"GLSA-201705-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201705-06"},{"reference_url":"https://security.gentoo.org/glsa/201705-07","reference_id":"GLSA-201705-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201705-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05","reference_id":"mfsa2017-05","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06","reference_id":"mfsa2017-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07","reference_id":"mfsa2017-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09","reference_id":"mfsa2017-09","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0459","reference_id":"RHSA-2017:0459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0461","reference_id":"RHSA-2017:0461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0498","reference_id":"RHSA-2017:0498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0498"},{"reference_url":"https://usn.ubuntu.com/3216-1/","reference_id":"USN-3216-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3216-1/"},{"reference_url":"https://usn.ubuntu.com/3233-1/","reference_id":"USN-3233-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3233-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5408"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4gky-p4gv-u7cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1903?format=json","vulnerability_id":"VCID-4hgx-k5jn-ckeu","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1977.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1977.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1977","reference_id":"","reference_type":"","scores":[{"value":"0.00701","scoring_system":"epss","scoring_elements":"0.72412","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00701","scoring_system":"epss","scoring_elements":"0.72453","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00701","scoring_system":"epss","scoring_elements":"0.72461","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00701","scoring_system":"epss","scoring_elements":"0.72441","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1977"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795","reference_id":"1315795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977","reference_id":"CVE-2016-1977","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-63","reference_id":"GLSA-201701-63","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-63"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"},{"reference_url":"https://usn.ubuntu.com/2917-1/","reference_id":"USN-2917-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2917-1/"},{"reference_url":"https://usn.ubuntu.com/2927-1/","reference_id":"USN-2927-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2927-1/"},{"reference_url":"https://usn.ubuntu.com/2934-1/","reference_id":"USN-2934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2934-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1977"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4hgx-k5jn-ckeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/519?format=json","vulnerability_id":"VCID-4ncv-bsfh-kufk","summary":"Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5410.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5410.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5410","reference_id":"","reference_type":"","scores":[{"value":"0.01677","scoring_system":"epss","scoring_elements":"0.82528","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01677","scoring_system":"epss","scoring_elements":"0.82502","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01677","scoring_system":"epss","scoring_elements":"0.82531","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01677","scoring_system":"epss","scoring_elements":"0.8253","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5410"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1429783","reference_id":"1429783","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1429783"},{"reference_url":"https://security.archlinux.org/ASA-201703-2","reference_id":"ASA-201703-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-2"},{"reference_url":"https://security.archlinux.org/ASA-201703-3","reference_id":"ASA-201703-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-3"},{"reference_url":"https://security.archlinux.org/AVG-193","reference_id":"AVG-193","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-193"},{"reference_url":"https://security.archlinux.org/AVG-194","reference_id":"AVG-194","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-194"},{"reference_url":"https://security.gentoo.org/glsa/201705-06","reference_id":"GLSA-201705-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201705-06"},{"reference_url":"https://security.gentoo.org/glsa/201705-07","reference_id":"GLSA-201705-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201705-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05","reference_id":"mfsa2017-05","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06","reference_id":"mfsa2017-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07","reference_id":"mfsa2017-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09","reference_id":"mfsa2017-09","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0459","reference_id":"RHSA-2017:0459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0461","reference_id":"RHSA-2017:0461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0498","reference_id":"RHSA-2017:0498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0498"},{"reference_url":"https://usn.ubuntu.com/3216-1/","reference_id":"USN-3216-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3216-1/"},{"reference_url":"https://usn.ubuntu.com/3233-1/","reference_id":"USN-3233-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3233-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5410"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4ncv-bsfh-kufk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1907?format=json","vulnerability_id":"VCID-4r11-gv5n-rbhb","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2793.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2793.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2793","reference_id":"","reference_type":"","scores":[{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68711","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68751","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68759","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2793"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795","reference_id":"1315795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793","reference_id":"CVE-2016-2793","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-63","reference_id":"GLSA-201701-63","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-63"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"},{"reference_url":"https://usn.ubuntu.com/2917-1/","reference_id":"USN-2917-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2917-1/"},{"reference_url":"https://usn.ubuntu.com/2927-1/","reference_id":"USN-2927-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2927-1/"},{"reference_url":"https://usn.ubuntu.com/2934-1/","reference_id":"USN-2934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2934-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2793"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4r11-gv5n-rbhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/539?format=json","vulnerability_id":"VCID-53n9-hyzh-yyaz","summary":"Mozilla developers and community members Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, André Bargull, Kan-Ru Chen, and Nathan Froyd reported memory safety bugs present in Firefox 51 and Firefox ESR 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5398.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5398.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5398","reference_id":"","reference_type":"","scores":[{"value":"0.02034","scoring_system":"epss","scoring_elements":"0.84151","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02034","scoring_system":"epss","scoring_elements":"0.8413","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02034","scoring_system":"epss","scoring_elements":"0.84153","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02034","scoring_system":"epss","scoring_elements":"0.84156","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1429786","reference_id":"1429786","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1429786"},{"reference_url":"https://security.archlinux.org/ASA-201703-2","reference_id":"ASA-201703-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-2"},{"reference_url":"https://security.archlinux.org/ASA-201703-3","reference_id":"ASA-201703-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-3"},{"reference_url":"https://security.archlinux.org/AVG-193","reference_id":"AVG-193","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-193"},{"reference_url":"https://security.archlinux.org/AVG-194","reference_id":"AVG-194","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-194"},{"reference_url":"https://security.gentoo.org/glsa/201705-06","reference_id":"GLSA-201705-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201705-06"},{"reference_url":"https://security.gentoo.org/glsa/201705-07","reference_id":"GLSA-201705-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201705-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05","reference_id":"mfsa2017-05","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06","reference_id":"mfsa2017-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07","reference_id":"mfsa2017-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09","reference_id":"mfsa2017-09","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0459","reference_id":"RHSA-2017:0459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0461","reference_id":"RHSA-2017:0461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0498","reference_id":"RHSA-2017:0498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0498"},{"reference_url":"https://usn.ubuntu.com/3216-1/","reference_id":"USN-3216-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3216-1/"},{"reference_url":"https://usn.ubuntu.com/3233-1/","reference_id":"USN-3233-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3233-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5398"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-53n9-hyzh-yyaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/547?format=json","vulnerability_id":"VCID-5m57-7cch-v3ga","summary":"Mozilla developers and community members Christian Holler, Gary Kwong, André Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Thunderbird 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5373.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5373.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5373","reference_id":"","reference_type":"","scores":[{"value":"0.01823","scoring_system":"epss","scoring_elements":"0.83246","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01823","scoring_system":"epss","scoring_elements":"0.83223","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01823","scoring_system":"epss","scoring_elements":"0.83249","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01823","scoring_system":"epss","scoring_elements":"0.8325","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1415924","reference_id":"1415924","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1415924"},{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/ASA-201701-40","reference_id":"ASA-201701-40","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-40"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://security.archlinux.org/AVG-158","reference_id":"AVG-158","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-158"},{"reference_url":"https://security.gentoo.org/glsa/201702-13","reference_id":"GLSA-201702-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201702-13"},{"reference_url":"https://security.gentoo.org/glsa/201702-22","reference_id":"GLSA-201702-22","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201702-22"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02","reference_id":"mfsa2017-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03","reference_id":"mfsa2017-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0190","reference_id":"RHSA-2017:0190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0190"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0238","reference_id":"RHSA-2017:0238","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0238"},{"reference_url":"https://usn.ubuntu.com/3165-1/","reference_id":"USN-3165-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3165-1/"},{"reference_url":"https://usn.ubuntu.com/3175-1/","reference_id":"USN-3175-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3175-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5373"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5m57-7cch-v3ga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/229?format=json","vulnerability_id":"VCID-6xqg-t9fu-2kfk","summary":"A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5296.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5296.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5296","reference_id":"","reference_type":"","scores":[{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.8584","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.8582","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85842","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85844","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395055","reference_id":"1395055","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395055"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93","reference_id":"mfsa2016-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2780","reference_id":"RHSA-2016:2780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2780"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"},{"reference_url":"https://usn.ubuntu.com/3141-1/","reference_id":"USN-3141-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3141-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-5296"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6xqg-t9fu-2kfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1965?format=json","vulnerability_id":"VCID-7hry-whqg-97gm","summary":"Mozilla developers fixed several memory safety bugs in the browser engine used in\nFirefox and other Mozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with enough effort at least\nsome of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2807.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2807.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2807","reference_id":"","reference_type":"","scores":[{"value":"0.01777","scoring_system":"epss","scoring_elements":"0.83029","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01777","scoring_system":"epss","scoring_elements":"0.83056","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01777","scoring_system":"epss","scoring_elements":"0.83052","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2807"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330271","reference_id":"1330271","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330271"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2807","reference_id":"CVE-2016-2807","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2807"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-39","reference_id":"mfsa2016-39","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-39"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0695","reference_id":"RHSA-2016:0695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0695"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1041","reference_id":"RHSA-2016:1041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1041"},{"reference_url":"https://usn.ubuntu.com/2936-1/","reference_id":"USN-2936-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2936-1/"},{"reference_url":"https://usn.ubuntu.com/2973-1/","reference_id":"USN-2973-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2973-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2807"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7hry-whqg-97gm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1912?format=json","vulnerability_id":"VCID-86p5-m5xh-wba9","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2798.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2798.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2798","reference_id":"","reference_type":"","scores":[{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68793","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68833","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68841","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2798"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795","reference_id":"1315795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798","reference_id":"CVE-2016-2798","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-63","reference_id":"GLSA-201701-63","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-63"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"},{"reference_url":"https://usn.ubuntu.com/2917-1/","reference_id":"USN-2917-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2917-1/"},{"reference_url":"https://usn.ubuntu.com/2927-1/","reference_id":"USN-2927-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2927-1/"},{"reference_url":"https://usn.ubuntu.com/2934-1/","reference_id":"USN-2934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2934-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2798"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-86p5-m5xh-wba9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1916?format=json","vulnerability_id":"VCID-9hcm-h8uk-xygz","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2802.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2802.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2802","reference_id":"","reference_type":"","scores":[{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68793","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68833","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68841","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2802"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795","reference_id":"1315795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802","reference_id":"CVE-2016-2802","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-63","reference_id":"GLSA-201701-63","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-63"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"},{"reference_url":"https://usn.ubuntu.com/2917-1/","reference_id":"USN-2917-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2917-1/"},{"reference_url":"https://usn.ubuntu.com/2927-1/","reference_id":"USN-2927-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2927-1/"},{"reference_url":"https://usn.ubuntu.com/2934-1/","reference_id":"USN-2934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2934-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2802"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9hcm-h8uk-xygz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/233?format=json","vulnerability_id":"VCID-9tuh-j2va-53hy","summary":"A same-origin policy bypass with local shortcut files to load arbitrary local content from disk.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5291.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5291.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5291","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.1125","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11204","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11291","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11283","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395065","reference_id":"1395065","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395065"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93","reference_id":"mfsa2016-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2780","reference_id":"RHSA-2016:2780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2780"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"},{"reference_url":"https://usn.ubuntu.com/3141-1/","reference_id":"USN-3141-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3141-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-5291"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9tuh-j2va-53hy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1959?format=json","vulnerability_id":"VCID-9wc3-cjef-3ucq","summary":"Security researcher Francis Gabriel of Quarkslab reported a heap-based\nbuffer overflow in the way the Network Security Services (NSS) libraries parsed certain\nASN.1 structures. An attacker could create a specially-crafted certificate which, when\nparsed by NSS, would cause it to crash or execute arbitrary code with the permissions of\nthe user.\nThis issue has been addressed in the NSS releases shipping on affected Mozilla\nproducts:","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1950.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1950.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1950","reference_id":"","reference_type":"","scores":[{"value":"0.01867","scoring_system":"epss","scoring_elements":"0.83439","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01867","scoring_system":"epss","scoring_elements":"0.83464","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01867","scoring_system":"epss","scoring_elements":"0.83465","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01867","scoring_system":"epss","scoring_elements":"0.83462","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1950"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1310509","reference_id":"1310509","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1310509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950","reference_id":"CVE-2016-1950","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-35","reference_id":"mfsa2016-35","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-35"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0370","reference_id":"RHSA-2016:0370","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0370"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0371","reference_id":"RHSA-2016:0371","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0495","reference_id":"RHSA-2016:0495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0495"},{"reference_url":"https://usn.ubuntu.com/2917-1/","reference_id":"USN-2917-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2917-1/"},{"reference_url":"https://usn.ubuntu.com/2924-1/","reference_id":"USN-2924-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2924-1/"},{"reference_url":"https://usn.ubuntu.com/2934-1/","reference_id":"USN-2934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2934-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1950"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9wc3-cjef-3ucq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1904?format=json","vulnerability_id":"VCID-a5ee-c6f4-tufu","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2790.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2790.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2790","reference_id":"","reference_type":"","scores":[{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68793","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68833","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68841","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2790"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795","reference_id":"1315795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790","reference_id":"CVE-2016-2790","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-63","reference_id":"GLSA-201701-63","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-63"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"},{"reference_url":"https://usn.ubuntu.com/2917-1/","reference_id":"USN-2917-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2917-1/"},{"reference_url":"https://usn.ubuntu.com/2927-1/","reference_id":"USN-2927-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2927-1/"},{"reference_url":"https://usn.ubuntu.com/2934-1/","reference_id":"USN-2934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2934-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2790"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a5ee-c6f4-tufu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1917?format=json","vulnerability_id":"VCID-b1zu-35mw-jkdg","summary":"Security researchers Jose Martinez and Romina\nSantillan reported a memory leak in the libstagefright library when array\ndestruction occurs during MPEG4 video file processing.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1957.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1957.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1957","reference_id":"","reference_type":"","scores":[{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.58084","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.58136","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.58143","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00355","scoring_system":"epss","scoring_elements":"0.58132","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1957"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315573","reference_id":"1315573","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957","reference_id":"CVE-2016-1957","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-20","reference_id":"mfsa2016-20","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-20"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"},{"reference_url":"https://usn.ubuntu.com/2917-1/","reference_id":"USN-2917-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2917-1/"},{"reference_url":"https://usn.ubuntu.com/2934-1/","reference_id":"USN-2934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2934-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1957"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b1zu-35mw-jkdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/545?format=json","vulnerability_id":"VCID-bn6e-q2fz-7fba","summary":"A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5396.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5396.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5396","reference_id":"","reference_type":"","scores":[{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84725","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84703","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84727","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.8473","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416280","reference_id":"1416280","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416280"},{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/ASA-201701-40","reference_id":"ASA-201701-40","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-40"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://security.archlinux.org/AVG-158","reference_id":"AVG-158","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-158"},{"reference_url":"https://security.gentoo.org/glsa/201702-13","reference_id":"GLSA-201702-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201702-13"},{"reference_url":"https://security.gentoo.org/glsa/201702-22","reference_id":"GLSA-201702-22","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201702-22"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02","reference_id":"mfsa2017-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03","reference_id":"mfsa2017-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0190","reference_id":"RHSA-2017:0190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0190"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0238","reference_id":"RHSA-2017:0238","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0238"},{"reference_url":"https://usn.ubuntu.com/3165-1/","reference_id":"USN-3165-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3165-1/"},{"reference_url":"https://usn.ubuntu.com/3175-1/","reference_id":"USN-3175-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3175-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5396"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bn6e-q2fz-7fba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1973?format=json","vulnerability_id":"VCID-cr9v-b95v-eyha","summary":"Security researcher Ronald Crane reported an out-of-bounds read\nfollowing a failed allocation in the HTML parser while working with unicode strings. This\ncan also affect the parsing of XML and SVG format data. This leads to a potentially\nexploitable crash. \nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1974.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1974.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1974","reference_id":"","reference_type":"","scores":[{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.66064","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.66116","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.66127","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.66111","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1974"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315785","reference_id":"1315785","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974","reference_id":"CVE-2016-1974","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-34","reference_id":"mfsa2016-34","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-34"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"},{"reference_url":"https://usn.ubuntu.com/2917-1/","reference_id":"USN-2917-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2917-1/"},{"reference_url":"https://usn.ubuntu.com/2934-1/","reference_id":"USN-2934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2934-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1974"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cr9v-b95v-eyha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/512?format=json","vulnerability_id":"VCID-d5gv-m4u7-3bfc","summary":"JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5400.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5400.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5400","reference_id":"","reference_type":"","scores":[{"value":"0.01023","scoring_system":"epss","scoring_elements":"0.77627","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01023","scoring_system":"epss","scoring_elements":"0.77601","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01023","scoring_system":"epss","scoring_elements":"0.77629","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01023","scoring_system":"epss","scoring_elements":"0.77637","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1429778","reference_id":"1429778","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1429778"},{"reference_url":"https://security.archlinux.org/ASA-201703-2","reference_id":"ASA-201703-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-2"},{"reference_url":"https://security.archlinux.org/ASA-201703-3","reference_id":"ASA-201703-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-3"},{"reference_url":"https://security.archlinux.org/AVG-193","reference_id":"AVG-193","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-193"},{"reference_url":"https://security.archlinux.org/AVG-194","reference_id":"AVG-194","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-194"},{"reference_url":"https://security.gentoo.org/glsa/201705-06","reference_id":"GLSA-201705-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201705-06"},{"reference_url":"https://security.gentoo.org/glsa/201705-07","reference_id":"GLSA-201705-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201705-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05","reference_id":"mfsa2017-05","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06","reference_id":"mfsa2017-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07","reference_id":"mfsa2017-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09","reference_id":"mfsa2017-09","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0459","reference_id":"RHSA-2017:0459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0461","reference_id":"RHSA-2017:0461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0498","reference_id":"RHSA-2017:0498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0498"},{"reference_url":"https://usn.ubuntu.com/3216-1/","reference_id":"USN-3216-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3216-1/"},{"reference_url":"https://usn.ubuntu.com/3233-1/","reference_id":"USN-3233-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3233-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5400"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d5gv-m4u7-3bfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1899?format=json","vulnerability_id":"VCID-dhjd-31cm-1fh6","summary":"Security researcher ca0nguyen, working with HP's Zero Day Initiative,\nreported a use-after-free issue in the HTML5 string parser when parsing a particular set\nof table-related tags in a foreign fragment context such as SVG. This results in a\npotentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1960.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1960.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1960","reference_id":"","reference_type":"","scores":[{"value":"0.86455","scoring_system":"epss","scoring_elements":"0.99427","published_at":"2026-06-04T12:55:00Z"},{"value":"0.86455","scoring_system":"epss","scoring_elements":"0.99428","published_at":"2026-06-06T12:55:00Z"},{"value":"0.86455","scoring_system":"epss","scoring_elements":"0.99429","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1960"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315576","reference_id":"1315576","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960","reference_id":"CVE-2016-1960","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/42484.html","reference_id":"CVE-2016-1960","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/42484.html"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/44294.html","reference_id":"CVE-2017-5375;CVE-2016-1960","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/44294.html"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-23","reference_id":"mfsa2016-23","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-23"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"},{"reference_url":"https://usn.ubuntu.com/2917-1/","reference_id":"USN-2917-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2917-1/"},{"reference_url":"https://usn.ubuntu.com/2934-1/","reference_id":"USN-2934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2934-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1960"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dhjd-31cm-1fh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1872?format=json","vulnerability_id":"VCID-dxam-cewh-63dt","summary":"Security researcher Nicolas Golubovic reported that a malicious page\ncan overwrite files on the user's machine using Content Security Policy (CSP) violation\nreports. The file contents are restricted to the JSON format of the report. In many cases\noverwriting a local file may simply be destructive, breaking the functionality of that\nfile. The CSP error reports can include HTML fragments which could be rendered by\nbrowsers. If a user has disabled add-on signing and has installed an \"unpacked\" add-on, a\nmalicious page could overwrite one of the add-on resources. Depending on how this resource\nis used, this could lead to privilege escalation.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1954.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1954.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1954","reference_id":"","reference_type":"","scores":[{"value":"0.02706","scoring_system":"epss","scoring_elements":"0.86175","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02706","scoring_system":"epss","scoring_elements":"0.86195","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02706","scoring_system":"epss","scoring_elements":"0.86198","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02706","scoring_system":"epss","scoring_elements":"0.86194","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1954"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315569","reference_id":"1315569","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954","reference_id":"CVE-2016-1954","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-17","reference_id":"mfsa2016-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"},{"reference_url":"https://usn.ubuntu.com/2917-1/","reference_id":"USN-2917-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2917-1/"},{"reference_url":"https://usn.ubuntu.com/2934-1/","reference_id":"USN-2934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2934-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1954"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dxam-cewh-63dt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/247?format=json","vulnerability_id":"VCID-e35v-ppxg-tkd1","summary":"Mozilla developers and community members Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, and Carsten Book reported memory safety bugs present in Firefox 48 and Firefox ESR 45.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort at least some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5257.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5257.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5257","reference_id":"","reference_type":"","scores":[{"value":"0.00909","scoring_system":"epss","scoring_elements":"0.76188","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00909","scoring_system":"epss","scoring_elements":"0.76168","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00909","scoring_system":"epss","scoring_elements":"0.76193","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00909","scoring_system":"epss","scoring_elements":"0.76195","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5257"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5257","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5257"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5270","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5272","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5272"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5274","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5274"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5276","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5276"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5277","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5277"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5278","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5278"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5280","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5280"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5284","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5284"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1377543","reference_id":"1377543","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1377543"},{"reference_url":"https://security.archlinux.org/ASA-201609-22","reference_id":"ASA-201609-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201609-22"},{"reference_url":"https://security.archlinux.org/AVG-24","reference_id":"AVG-24","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-24"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85","reference_id":"mfsa2016-85","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-85"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86","reference_id":"mfsa2016-86","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-86"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-88","reference_id":"mfsa2016-88","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-88"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1912","reference_id":"RHSA-2016:1912","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1912"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1985","reference_id":"RHSA-2016:1985","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1985"},{"reference_url":"https://usn.ubuntu.com/3076-1/","reference_id":"USN-3076-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3076-1/"},{"reference_url":"https://usn.ubuntu.com/3112-1/","reference_id":"USN-3112-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3112-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-5257"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e35v-ppxg-tkd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1938?format=json","vulnerability_id":"VCID-eefa-gdnq-8kb7","summary":"Mozilla developers and community members reported several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these bugs showed\nevidence of memory corruption under certain circumstances, and we presume that with enough\neffort at least some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2836.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2836.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2836","reference_id":"","reference_type":"","scores":[{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67776","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67729","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67766","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.6777","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2836"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1361974","reference_id":"1361974","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1361974"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2836","reference_id":"CVE-2016-2836","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2836"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-62","reference_id":"mfsa2016-62","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-62"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1551","reference_id":"RHSA-2016:1551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1551"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1809","reference_id":"RHSA-2016:1809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1809"},{"reference_url":"https://usn.ubuntu.com/3044-1/","reference_id":"USN-3044-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3044-1/"},{"reference_url":"https://usn.ubuntu.com/3073-1/","reference_id":"USN-3073-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3073-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2836"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eefa-gdnq-8kb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1968?format=json","vulnerability_id":"VCID-egv5-6c33-tfb9","summary":"Mozilla developers fixed several memory safety bugs in the browser engine used in\nFirefox and other Mozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with enough effort at least\nsome of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2805.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2805.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2805","reference_id":"","reference_type":"","scores":[{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.7637","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.76397","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.76399","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00922","scoring_system":"epss","scoring_elements":"0.76389","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2805"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330266","reference_id":"1330266","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330266"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2805","reference_id":"CVE-2016-2805","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2805"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-39","reference_id":"mfsa2016-39","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-39"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0695","reference_id":"RHSA-2016:0695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0695"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1041","reference_id":"RHSA-2016:1041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1041"},{"reference_url":"https://usn.ubuntu.com/2973-1/","reference_id":"USN-2973-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2973-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2805"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-egv5-6c33-tfb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1922?format=json","vulnerability_id":"VCID-fam8-n44k-2qh7","summary":"Mozilla developer Tim Taubert used the Address Sanitizer tool and\nsoftware fuzzing to discover a use-after-free vulnerability while processing DER encoded\nkeys in the Network Security Services (NSS) libraries. The vulnerability overwrites the\nfreed memory with zeroes. This issue has been addressed in NSS 3.21.1, shipping in Firefox\n45.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1979.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1979.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1979","reference_id":"","reference_type":"","scores":[{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72534","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72575","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72582","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72562","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1979"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315202","reference_id":"1315202","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315202"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1979","reference_id":"CVE-2016-1979","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1979"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-36","reference_id":"mfsa2016-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-36"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0591","reference_id":"RHSA-2016:0591","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0591"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0684","reference_id":"RHSA-2016:0684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0685","reference_id":"RHSA-2016:0685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0685"},{"reference_url":"https://usn.ubuntu.com/2973-1/","reference_id":"USN-2973-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2973-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1979"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fam8-n44k-2qh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1864?format=json","vulnerability_id":"VCID-ftnc-qwd9-jubp","summary":"Security researcher Dominique Hazaël-Massieux reported a\nuse-after-free issue when using multiple WebRTC data channel connections. This causes a\npotentially exploitable crash when a data channel connection is freed from within a call\nthrough it.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1962.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1962.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1962","reference_id":"","reference_type":"","scores":[{"value":"0.02149","scoring_system":"epss","scoring_elements":"0.84559","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02149","scoring_system":"epss","scoring_elements":"0.84584","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02149","scoring_system":"epss","scoring_elements":"0.84588","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1962"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315578","reference_id":"1315578","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315578"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962","reference_id":"CVE-2016-1962","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-25","reference_id":"mfsa2016-25","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-25"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://usn.ubuntu.com/2917-1/","reference_id":"USN-2917-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2917-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1962"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ftnc-qwd9-jubp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1908?format=json","vulnerability_id":"VCID-fxjs-kgb3-6bb7","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2794.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2794.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2794","reference_id":"","reference_type":"","scores":[{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75641","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75669","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75672","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00875","scoring_system":"epss","scoring_elements":"0.75662","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2794"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795","reference_id":"1315795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794","reference_id":"CVE-2016-2794","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-63","reference_id":"GLSA-201701-63","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-63"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"},{"reference_url":"https://usn.ubuntu.com/2917-1/","reference_id":"USN-2917-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2917-1/"},{"reference_url":"https://usn.ubuntu.com/2927-1/","reference_id":"USN-2927-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2927-1/"},{"reference_url":"https://usn.ubuntu.com/2934-1/","reference_id":"USN-2934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2934-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2794"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fxjs-kgb3-6bb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/513?format=json","vulnerability_id":"VCID-jc41-75ha-97c9","summary":"A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may be exploitable.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5401.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5401.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5401","reference_id":"","reference_type":"","scores":[{"value":"0.01865","scoring_system":"epss","scoring_elements":"0.83444","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01865","scoring_system":"epss","scoring_elements":"0.83421","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01865","scoring_system":"epss","scoring_elements":"0.83446","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01865","scoring_system":"epss","scoring_elements":"0.83447","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1429779","reference_id":"1429779","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1429779"},{"reference_url":"https://security.archlinux.org/ASA-201703-2","reference_id":"ASA-201703-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-2"},{"reference_url":"https://security.archlinux.org/ASA-201703-3","reference_id":"ASA-201703-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-3"},{"reference_url":"https://security.archlinux.org/AVG-193","reference_id":"AVG-193","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-193"},{"reference_url":"https://security.archlinux.org/AVG-194","reference_id":"AVG-194","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-194"},{"reference_url":"https://security.gentoo.org/glsa/201705-06","reference_id":"GLSA-201705-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201705-06"},{"reference_url":"https://security.gentoo.org/glsa/201705-07","reference_id":"GLSA-201705-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201705-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05","reference_id":"mfsa2017-05","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06","reference_id":"mfsa2017-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07","reference_id":"mfsa2017-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09","reference_id":"mfsa2017-09","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0459","reference_id":"RHSA-2017:0459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0461","reference_id":"RHSA-2017:0461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0498","reference_id":"RHSA-2017:0498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0498"},{"reference_url":"https://usn.ubuntu.com/3216-1/","reference_id":"USN-3216-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3216-1/"},{"reference_url":"https://usn.ubuntu.com/3233-1/","reference_id":"USN-3233-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3233-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5401"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jc41-75ha-97c9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1950?format=json","vulnerability_id":"VCID-jr76-2aht-uqb2","summary":"Security researcher lokihardt, working with HP's Zero Day Initiative,\nreported a use-after-free issue in the SetBody function of\nHTMLDocument. This results in a potentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1961.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1961.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1961","reference_id":"","reference_type":"","scores":[{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.73475","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.73511","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.73516","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00749","scoring_system":"epss","scoring_elements":"0.73504","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1961"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315577","reference_id":"1315577","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961","reference_id":"CVE-2016-1961","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-24","reference_id":"mfsa2016-24","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"},{"reference_url":"https://usn.ubuntu.com/2917-1/","reference_id":"USN-2917-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2917-1/"},{"reference_url":"https://usn.ubuntu.com/2934-1/","reference_id":"USN-2934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2934-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1961"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jr76-2aht-uqb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1906?format=json","vulnerability_id":"VCID-jubn-vjus-h3e8","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2792.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2792.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2792","reference_id":"","reference_type":"","scores":[{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68793","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68833","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68841","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2792"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795","reference_id":"1315795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792","reference_id":"CVE-2016-2792","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-63","reference_id":"GLSA-201701-63","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-63"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"},{"reference_url":"https://usn.ubuntu.com/2917-1/","reference_id":"USN-2917-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2917-1/"},{"reference_url":"https://usn.ubuntu.com/2927-1/","reference_id":"USN-2927-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2927-1/"},{"reference_url":"https://usn.ubuntu.com/2934-1/","reference_id":"USN-2934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2934-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2792"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jubn-vjus-h3e8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/250?format=json","vulnerability_id":"VCID-k1rz-f92p-ducs","summary":"A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9079.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9079.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9079","reference_id":"","reference_type":"","scores":[{"value":"0.84813","scoring_system":"epss","scoring_elements":"0.99359","published_at":"2026-06-07T12:55:00Z"},{"value":"0.84813","scoring_system":"epss","scoring_elements":"0.99357","published_at":"2026-06-04T12:55:00Z"},{"value":"0.84813","scoring_system":"epss","scoring_elements":"0.99358","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securitytracker.com/id/1037370","reference_id":"1037370","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/"}],"url":"http://www.securitytracker.com/id/1037370"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1400376","reference_id":"1400376","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1400376"},{"reference_url":"https://www.exploit-db.com/exploits/41151/","reference_id":"41151","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/"}],"url":"https://www.exploit-db.com/exploits/41151/"},{"reference_url":"https://www.exploit-db.com/exploits/42327/","reference_id":"42327","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/"}],"url":"https://www.exploit-db.com/exploits/42327/"},{"reference_url":"http://www.securityfocus.com/bid/94591","reference_id":"94591","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/"}],"url":"http://www.securityfocus.com/bid/94591"},{"reference_url":"https://security.archlinux.org/ASA-201612-1","reference_id":"ASA-201612-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-1"},{"reference_url":"https://security.archlinux.org/ASA-201612-2","reference_id":"ASA-201612-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-2"},{"reference_url":"https://security.archlinux.org/AVG-90","reference_id":"AVG-90","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-90"},{"reference_url":"https://security.archlinux.org/AVG-91","reference_id":"AVG-91","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-91"},{"reference_url":"https://github.com/rapid7/metasploit-framework/blob/f4db90edeb7f03ce1e95f5898954cbea7e13ff6c/modules/exploits/windows/browser/firefox_smil_uaf.rb","reference_id":"CVE-2016-9079","reference_type":"exploit","scores":[],"url":"https://github.com/rapid7/metasploit-framework/blob/f4db90edeb7f03ce1e95f5898954cbea7e13ff6c/modules/exploits/windows/browser/firefox_smil_uaf.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/41151.rb","reference_id":"CVE-2016-9079","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/41151.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/42327.html","reference_id":"CVE-2017-5375;CVE-2016-9079","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/42327.html"},{"reference_url":"https://rh0dev.github.io/blog/2017/the-return-of-the-jit/","reference_id":"CVE-2017-5375;CVE-2016-9079","reference_type":"exploit","scores":[],"url":"https://rh0dev.github.io/blog/2017/the-return-of-the-jit/"},{"reference_url":"https://www.debian.org/security/2016/dsa-3730","reference_id":"dsa-3730","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/"}],"url":"https://www.debian.org/security/2016/dsa-3730"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/"}],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://security.gentoo.org/glsa/201701-35","reference_id":"GLSA-201701-35","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/"}],"url":"https://security.gentoo.org/glsa/201701-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-92","reference_id":"mfsa2016-92","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-92"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-92/","reference_id":"mfsa2016-92","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2016-92/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2843","reference_id":"RHSA-2016:2843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2843"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2843.html","reference_id":"RHSA-2016-2843.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2843.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2850","reference_id":"RHSA-2016:2850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2850"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2850.html","reference_id":"RHSA-2016-2850.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2850.html"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1321066","reference_id":"show_bug.cgi?id=1321066","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1321066"},{"reference_url":"https://usn.ubuntu.com/3140-1/","reference_id":"USN-3140-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3140-1/"},{"reference_url":"https://usn.ubuntu.com/3141-1/","reference_id":"USN-3141-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3141-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-9079"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k1rz-f92p-ducs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1913?format=json","vulnerability_id":"VCID-kcpz-uwq4-skf4","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2799.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2799.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2799","reference_id":"","reference_type":"","scores":[{"value":"0.00646","scoring_system":"epss","scoring_elements":"0.711","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00646","scoring_system":"epss","scoring_elements":"0.71143","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00646","scoring_system":"epss","scoring_elements":"0.71149","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00646","scoring_system":"epss","scoring_elements":"0.71132","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2799"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795","reference_id":"1315795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799","reference_id":"CVE-2016-2799","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-63","reference_id":"GLSA-201701-63","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-63"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"},{"reference_url":"https://usn.ubuntu.com/2917-1/","reference_id":"USN-2917-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2917-1/"},{"reference_url":"https://usn.ubuntu.com/2927-1/","reference_id":"USN-2927-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2927-1/"},{"reference_url":"https://usn.ubuntu.com/2934-1/","reference_id":"USN-2934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2934-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2799"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kcpz-uwq4-skf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/235?format=json","vulnerability_id":"VCID-kkjv-tyxm-6ub7","summary":"Mozilla developers and community members Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup reported memory safety bugs present in Thunderbird ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5290.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5290.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5290","reference_id":"","reference_type":"","scores":[{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.8349","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83467","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83492","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83494","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395066","reference_id":"1395066","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395066"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93","reference_id":"mfsa2016-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2780","reference_id":"RHSA-2016:2780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2825","reference_id":"RHSA-2016:2825","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2825"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"},{"reference_url":"https://usn.ubuntu.com/3141-1/","reference_id":"USN-3141-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3141-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-5290"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kkjv-tyxm-6ub7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1911?format=json","vulnerability_id":"VCID-ksda-d24x-8bcf","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2797.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2797.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2797","reference_id":"","reference_type":"","scores":[{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68711","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68751","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00562","scoring_system":"epss","scoring_elements":"0.68759","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2797"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795","reference_id":"1315795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797","reference_id":"CVE-2016-2797","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-63","reference_id":"GLSA-201701-63","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-63"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"},{"reference_url":"https://usn.ubuntu.com/2917-1/","reference_id":"USN-2917-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2917-1/"},{"reference_url":"https://usn.ubuntu.com/2927-1/","reference_id":"USN-2927-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2927-1/"},{"reference_url":"https://usn.ubuntu.com/2934-1/","reference_id":"USN-2934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2934-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2797"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ksda-d24x-8bcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/222?format=json","vulnerability_id":"VCID-m1ve-ttqh-3ucn","summary":"External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of data: URLs. This could allow for cross-domain data leakage.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9900.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9900.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9900","reference_id":"","reference_type":"","scores":[{"value":"0.01417","scoring_system":"epss","scoring_elements":"0.8094","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01417","scoring_system":"epss","scoring_elements":"0.80913","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01417","scoring_system":"epss","scoring_elements":"0.80941","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01417","scoring_system":"epss","scoring_elements":"0.80943","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404090","reference_id":"1404090","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404090"},{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96","reference_id":"mfsa2016-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2946","reference_id":"RHSA-2016:2946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2973","reference_id":"RHSA-2016:2973","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2973"},{"reference_url":"https://usn.ubuntu.com/3155-1/","reference_id":"USN-3155-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3155-1/"},{"reference_url":"https://usn.ubuntu.com/3165-1/","reference_id":"USN-3165-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3165-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-9900"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m1ve-ttqh-3ucn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/535?format=json","vulnerability_id":"VCID-m2ee-rr9r-u3ge","summary":"Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5405.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5405.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5405","reference_id":"","reference_type":"","scores":[{"value":"0.02352","scoring_system":"epss","scoring_elements":"0.85218","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02352","scoring_system":"epss","scoring_elements":"0.85194","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02352","scoring_system":"epss","scoring_elements":"0.85219","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02352","scoring_system":"epss","scoring_elements":"0.85224","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1429785","reference_id":"1429785","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1429785"},{"reference_url":"https://security.archlinux.org/ASA-201703-2","reference_id":"ASA-201703-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-2"},{"reference_url":"https://security.archlinux.org/ASA-201703-3","reference_id":"ASA-201703-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-3"},{"reference_url":"https://security.archlinux.org/AVG-193","reference_id":"AVG-193","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-193"},{"reference_url":"https://security.archlinux.org/AVG-194","reference_id":"AVG-194","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-194"},{"reference_url":"https://security.gentoo.org/glsa/201705-06","reference_id":"GLSA-201705-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201705-06"},{"reference_url":"https://security.gentoo.org/glsa/201705-07","reference_id":"GLSA-201705-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201705-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05","reference_id":"mfsa2017-05","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06","reference_id":"mfsa2017-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07","reference_id":"mfsa2017-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09","reference_id":"mfsa2017-09","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0459","reference_id":"RHSA-2017:0459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0461","reference_id":"RHSA-2017:0461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0498","reference_id":"RHSA-2017:0498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0498"},{"reference_url":"https://usn.ubuntu.com/3216-1/","reference_id":"USN-3216-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3216-1/"},{"reference_url":"https://usn.ubuntu.com/3233-1/","reference_id":"USN-3233-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3233-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5405"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m2ee-rr9r-u3ge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/542?format=json","vulnerability_id":"VCID-m7n2-1ppv-jfcm","summary":"Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object’s address can be discovered through hash codes, and also allows for data leakage of an object’s content using these hash codes.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5378.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5378.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5378","reference_id":"","reference_type":"","scores":[{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.82032","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.81996","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.8203","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01592","scoring_system":"epss","scoring_elements":"0.82031","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416273","reference_id":"1416273","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416273"},{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/ASA-201701-40","reference_id":"ASA-201701-40","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-40"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://security.archlinux.org/AVG-158","reference_id":"AVG-158","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-158"},{"reference_url":"https://security.gentoo.org/glsa/201702-13","reference_id":"GLSA-201702-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201702-13"},{"reference_url":"https://security.gentoo.org/glsa/201702-22","reference_id":"GLSA-201702-22","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201702-22"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02","reference_id":"mfsa2017-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03","reference_id":"mfsa2017-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0190","reference_id":"RHSA-2017:0190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0190"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0238","reference_id":"RHSA-2017:0238","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0238"},{"reference_url":"https://usn.ubuntu.com/3165-1/","reference_id":"USN-3165-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3165-1/"},{"reference_url":"https://usn.ubuntu.com/3175-1/","reference_id":"USN-3175-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3175-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5378"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m7n2-1ppv-jfcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1868?format=json","vulnerability_id":"VCID-mxj9-cgmx-zkg9","summary":"Security researcher Nicolas Grégoire used the Address Sanitizer to\nfind a use-after-free during XML transformation operations. This results in a potentially\nexploitable crash triggerable by web content.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1964.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1964.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1964","reference_id":"","reference_type":"","scores":[{"value":"0.00701","scoring_system":"epss","scoring_elements":"0.72412","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00701","scoring_system":"epss","scoring_elements":"0.72453","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00701","scoring_system":"epss","scoring_elements":"0.72461","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00701","scoring_system":"epss","scoring_elements":"0.72441","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1964"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315774","reference_id":"1315774","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315774"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964","reference_id":"CVE-2016-1964","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-27","reference_id":"mfsa2016-27","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-27"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"},{"reference_url":"https://usn.ubuntu.com/2917-1/","reference_id":"USN-2917-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2917-1/"},{"reference_url":"https://usn.ubuntu.com/2934-1/","reference_id":"USN-2934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2934-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-1964"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mxj9-cgmx-zkg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/544?format=json","vulnerability_id":"VCID-n9bg-836z-abb8","summary":"The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5390.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5390.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5390","reference_id":"","reference_type":"","scores":[{"value":"0.01911","scoring_system":"epss","scoring_elements":"0.83648","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01911","scoring_system":"epss","scoring_elements":"0.83626","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01911","scoring_system":"epss","scoring_elements":"0.83651","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416279","reference_id":"1416279","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416279"},{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/ASA-201701-40","reference_id":"ASA-201701-40","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-40"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://security.archlinux.org/AVG-158","reference_id":"AVG-158","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-158"},{"reference_url":"https://security.gentoo.org/glsa/201702-13","reference_id":"GLSA-201702-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201702-13"},{"reference_url":"https://security.gentoo.org/glsa/201702-22","reference_id":"GLSA-201702-22","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201702-22"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02","reference_id":"mfsa2017-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03","reference_id":"mfsa2017-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0190","reference_id":"RHSA-2017:0190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0190"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0238","reference_id":"RHSA-2017:0238","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0238"},{"reference_url":"https://usn.ubuntu.com/3165-1/","reference_id":"USN-3165-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3165-1/"},{"reference_url":"https://usn.ubuntu.com/3175-1/","reference_id":"USN-3175-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3175-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5390"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n9bg-836z-abb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/518?format=json","vulnerability_id":"VCID-nv26-s56m-vkdh","summary":"Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5407.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5407.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5407","reference_id":"","reference_type":"","scores":[{"value":"0.01045","scoring_system":"epss","scoring_elements":"0.77848","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01045","scoring_system":"epss","scoring_elements":"0.77824","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01045","scoring_system":"epss","scoring_elements":"0.77851","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01045","scoring_system":"epss","scoring_elements":"0.77857","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1429782","reference_id":"1429782","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1429782"},{"reference_url":"https://security.archlinux.org/ASA-201703-2","reference_id":"ASA-201703-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-2"},{"reference_url":"https://security.archlinux.org/ASA-201703-3","reference_id":"ASA-201703-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-3"},{"reference_url":"https://security.archlinux.org/AVG-193","reference_id":"AVG-193","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-193"},{"reference_url":"https://security.archlinux.org/AVG-194","reference_id":"AVG-194","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-194"},{"reference_url":"https://security.gentoo.org/glsa/201705-06","reference_id":"GLSA-201705-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201705-06"},{"reference_url":"https://security.gentoo.org/glsa/201705-07","reference_id":"GLSA-201705-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201705-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05","reference_id":"mfsa2017-05","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06","reference_id":"mfsa2017-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07","reference_id":"mfsa2017-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09","reference_id":"mfsa2017-09","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0459","reference_id":"RHSA-2017:0459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0461","reference_id":"RHSA-2017:0461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0498","reference_id":"RHSA-2017:0498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0498"},{"reference_url":"https://usn.ubuntu.com/3216-1/","reference_id":"USN-3216-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3216-1/"},{"reference_url":"https://usn.ubuntu.com/3233-1/","reference_id":"USN-3233-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3233-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5407"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nv26-s56m-vkdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1910?format=json","vulnerability_id":"VCID-s874-n3jb-23h1","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2796.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2796.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2796","reference_id":"","reference_type":"","scores":[{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68794","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68833","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68842","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68834","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2796"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795","reference_id":"1315795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796","reference_id":"CVE-2016-2796","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-63","reference_id":"GLSA-201701-63","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-63"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"},{"reference_url":"https://usn.ubuntu.com/2917-1/","reference_id":"USN-2917-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2917-1/"},{"reference_url":"https://usn.ubuntu.com/2927-1/","reference_id":"USN-2927-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2927-1/"},{"reference_url":"https://usn.ubuntu.com/2934-1/","reference_id":"USN-2934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2934-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2796"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s874-n3jb-23h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1966?format=json","vulnerability_id":"VCID-ta8f-s9rp-dqc3","summary":"Mozilla developers fixed several memory safety bugs in the browser engine used in\nFirefox and other Mozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with enough effort at least\nsome of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2806.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2806.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2806","reference_id":"","reference_type":"","scores":[{"value":"0.01777","scoring_system":"epss","scoring_elements":"0.83029","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01777","scoring_system":"epss","scoring_elements":"0.83056","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01777","scoring_system":"epss","scoring_elements":"0.83052","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2806"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330270","reference_id":"1330270","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2806","reference_id":"CVE-2016-2806","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2806"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-39","reference_id":"mfsa2016-39","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-39"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0695","reference_id":"RHSA-2016:0695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0695"},{"reference_url":"https://usn.ubuntu.com/2936-1/","reference_id":"USN-2936-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2936-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2806"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ta8f-s9rp-dqc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/221?format=json","vulnerability_id":"VCID-vdup-4rw5-bke7","summary":"Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9898.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9898.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9898","reference_id":"","reference_type":"","scores":[{"value":"0.02604","scoring_system":"epss","scoring_elements":"0.85927","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02604","scoring_system":"epss","scoring_elements":"0.85902","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02604","scoring_system":"epss","scoring_elements":"0.85924","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404089","reference_id":"1404089","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404089"},{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96","reference_id":"mfsa2016-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2946","reference_id":"RHSA-2016:2946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2946"},{"reference_url":"https://usn.ubuntu.com/3155-1/","reference_id":"USN-3155-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3155-1/"},{"reference_url":"https://usn.ubuntu.com/3165-1/","reference_id":"USN-3165-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3165-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-9898"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vdup-4rw5-bke7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/249?format=json","vulnerability_id":"VCID-vfzf-pypu-qufk","summary":"A potentially exploitable crash in EnumerateSubDocuments while adding or removing sub-documents.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9905.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9905.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9905","reference_id":"","reference_type":"","scores":[{"value":"0.01174","scoring_system":"epss","scoring_elements":"0.7906","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01174","scoring_system":"epss","scoring_elements":"0.79057","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01174","scoring_system":"epss","scoring_elements":"0.79034","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01174","scoring_system":"epss","scoring_elements":"0.79066","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9905"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404094","reference_id":"1404094","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404094"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96","reference_id":"mfsa2016-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2946","reference_id":"RHSA-2016:2946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2973","reference_id":"RHSA-2016:2973","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2973"},{"reference_url":"https://usn.ubuntu.com/3165-1/","reference_id":"USN-3165-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3165-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-9905"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vfzf-pypu-qufk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/231?format=json","vulnerability_id":"VCID-vhgu-g4te-7bff","summary":"An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5297.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5297.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5297","reference_id":"","reference_type":"","scores":[{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.83227","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.83205","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.83231","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.83232","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395058","reference_id":"1395058","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395058"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93","reference_id":"mfsa2016-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2780","reference_id":"RHSA-2016:2780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2780"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"},{"reference_url":"https://usn.ubuntu.com/3141-1/","reference_id":"USN-3141-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3141-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-5297"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vhgu-g4te-7bff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1897?format=json","vulnerability_id":"VCID-w3p3-evn1-eqgm","summary":"Mozilla developers and community members reported several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these bugs showed\nevidence of memory corruption under certain circumstances, and we presume that with enough\neffort at least some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2818.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2818.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2818","reference_id":"","reference_type":"","scores":[{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52455","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52514","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52523","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52503","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2818"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1342887","reference_id":"1342887","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1342887"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2818","reference_id":"CVE-2016-2818","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2818"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-49","reference_id":"mfsa2016-49","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-49"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1217","reference_id":"RHSA-2016:1217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1392","reference_id":"RHSA-2016:1392","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1392"},{"reference_url":"https://usn.ubuntu.com/2993-1/","reference_id":"USN-2993-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2993-1/"},{"reference_url":"https://usn.ubuntu.com/3023-1/","reference_id":"USN-3023-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3023-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2818"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w3p3-evn1-eqgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/220?format=json","vulnerability_id":"VCID-wbtg-ecpe-8bcy","summary":"Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9897.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9897.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9897","reference_id":"","reference_type":"","scores":[{"value":"0.0395","scoring_system":"epss","scoring_elements":"0.8858","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0395","scoring_system":"epss","scoring_elements":"0.88561","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0395","scoring_system":"epss","scoring_elements":"0.88578","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0395","scoring_system":"epss","scoring_elements":"0.88581","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404087","reference_id":"1404087","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404087"},{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96","reference_id":"mfsa2016-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2946","reference_id":"RHSA-2016:2946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2946"},{"reference_url":"https://usn.ubuntu.com/3155-1/","reference_id":"USN-3155-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3155-1/"},{"reference_url":"https://usn.ubuntu.com/3165-1/","reference_id":"USN-3165-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3165-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-9897"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wbtg-ecpe-8bcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1915?format=json","vulnerability_id":"VCID-wd34-8uw6-2uh4","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2801.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2801.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2801","reference_id":"","reference_type":"","scores":[{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68793","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68833","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68841","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2801"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795","reference_id":"1315795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801","reference_id":"CVE-2016-2801","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-63","reference_id":"GLSA-201701-63","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-63"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"},{"reference_url":"https://usn.ubuntu.com/2917-1/","reference_id":"USN-2917-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2917-1/"},{"reference_url":"https://usn.ubuntu.com/2927-1/","reference_id":"USN-2927-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2927-1/"},{"reference_url":"https://usn.ubuntu.com/2934-1/","reference_id":"USN-2934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2934-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2801"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wd34-8uw6-2uh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/514?format=json","vulnerability_id":"VCID-wx4s-73zs-cfap","summary":"A use-after-free can occur when events are fired for a FontFace object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5402.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5402.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5402","reference_id":"","reference_type":"","scores":[{"value":"0.02557","scoring_system":"epss","scoring_elements":"0.85803","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02557","scoring_system":"epss","scoring_elements":"0.85782","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02557","scoring_system":"epss","scoring_elements":"0.85804","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02557","scoring_system":"epss","scoring_elements":"0.85807","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1429780","reference_id":"1429780","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1429780"},{"reference_url":"https://security.archlinux.org/ASA-201703-2","reference_id":"ASA-201703-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-2"},{"reference_url":"https://security.archlinux.org/ASA-201703-3","reference_id":"ASA-201703-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-3"},{"reference_url":"https://security.archlinux.org/AVG-193","reference_id":"AVG-193","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-193"},{"reference_url":"https://security.archlinux.org/AVG-194","reference_id":"AVG-194","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-194"},{"reference_url":"https://security.gentoo.org/glsa/201705-06","reference_id":"GLSA-201705-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201705-06"},{"reference_url":"https://security.gentoo.org/glsa/201705-07","reference_id":"GLSA-201705-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201705-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05","reference_id":"mfsa2017-05","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06","reference_id":"mfsa2017-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07","reference_id":"mfsa2017-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09","reference_id":"mfsa2017-09","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0459","reference_id":"RHSA-2017:0459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0461","reference_id":"RHSA-2017:0461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0498","reference_id":"RHSA-2017:0498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0498"},{"reference_url":"https://usn.ubuntu.com/3216-1/","reference_id":"USN-3216-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3216-1/"},{"reference_url":"https://usn.ubuntu.com/3233-1/","reference_id":"USN-3233-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3233-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5402"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wx4s-73zs-cfap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/234?format=json","vulnerability_id":"VCID-x4x5-44xh-6uat","summary":"An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9074.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9074.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9074","reference_id":"","reference_type":"","scores":[{"value":"0.01221","scoring_system":"epss","scoring_elements":"0.79457","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01221","scoring_system":"epss","scoring_elements":"0.79432","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01221","scoring_system":"epss","scoring_elements":"0.79459","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01221","scoring_system":"epss","scoring_elements":"0.79465","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396548","reference_id":"1396548","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396548"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://security.gentoo.org/glsa/201701-46","reference_id":"GLSA-201701-46","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-46"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93","reference_id":"mfsa2016-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93"},{"reference_url":"https://usn.ubuntu.com/3163-1/","reference_id":"USN-3163-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3163-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-9074"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x4x5-44xh-6uat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1914?format=json","vulnerability_id":"VCID-xmkv-47hn-43ck","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2800.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2800.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2800","reference_id":"","reference_type":"","scores":[{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68793","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68833","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68841","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2800"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795","reference_id":"1315795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800","reference_id":"CVE-2016-2800","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-63","reference_id":"GLSA-201701-63","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-63"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"},{"reference_url":"https://usn.ubuntu.com/2917-1/","reference_id":"USN-2917-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2917-1/"},{"reference_url":"https://usn.ubuntu.com/2927-1/","reference_id":"USN-2927-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2927-1/"},{"reference_url":"https://usn.ubuntu.com/2934-1/","reference_id":"USN-2934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2934-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2800"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xmkv-47hn-43ck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/516?format=json","vulnerability_id":"VCID-xtbe-gv4p-23fn","summary":"A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5404.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5404.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5404","reference_id":"","reference_type":"","scores":[{"value":"0.26462","scoring_system":"epss","scoring_elements":"0.96433","published_at":"2026-06-07T12:55:00Z"},{"value":"0.26462","scoring_system":"epss","scoring_elements":"0.96423","published_at":"2026-06-04T12:55:00Z"},{"value":"0.26462","scoring_system":"epss","scoring_elements":"0.96427","published_at":"2026-06-05T12:55:00Z"},{"value":"0.26462","scoring_system":"epss","scoring_elements":"0.96431","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1429781","reference_id":"1429781","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1429781"},{"reference_url":"https://security.archlinux.org/ASA-201703-2","reference_id":"ASA-201703-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-2"},{"reference_url":"https://security.archlinux.org/ASA-201703-3","reference_id":"ASA-201703-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201703-3"},{"reference_url":"https://security.archlinux.org/AVG-193","reference_id":"AVG-193","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-193"},{"reference_url":"https://security.archlinux.org/AVG-194","reference_id":"AVG-194","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-194"},{"reference_url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1130","reference_id":"CVE-2017-5404;MFSA2017-05","reference_type":"exploit","scores":[],"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1130"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/41660.html","reference_id":"CVE-2017-5404;MFSA2017-05","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/41660.html"},{"reference_url":"https://security.gentoo.org/glsa/201705-06","reference_id":"GLSA-201705-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201705-06"},{"reference_url":"https://security.gentoo.org/glsa/201705-07","reference_id":"GLSA-201705-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201705-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05","reference_id":"mfsa2017-05","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06","reference_id":"mfsa2017-06","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07","reference_id":"mfsa2017-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09","reference_id":"mfsa2017-09","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0459","reference_id":"RHSA-2017:0459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0461","reference_id":"RHSA-2017:0461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0498","reference_id":"RHSA-2017:0498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0498"},{"reference_url":"https://usn.ubuntu.com/3216-1/","reference_id":"USN-3216-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3216-1/"},{"reference_url":"https://usn.ubuntu.com/3233-1/","reference_id":"USN-3233-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3233-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5404"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xtbe-gv4p-23fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/543?format=json","vulnerability_id":"VCID-yk3y-5my9-auak","summary":"A potential use-after-free found through fuzzing during DOM manipulation of SVG content.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5380.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5380.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5380","reference_id":"","reference_type":"","scores":[{"value":"0.01823","scoring_system":"epss","scoring_elements":"0.83246","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01823","scoring_system":"epss","scoring_elements":"0.83223","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01823","scoring_system":"epss","scoring_elements":"0.83249","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01823","scoring_system":"epss","scoring_elements":"0.8325","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416274","reference_id":"1416274","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416274"},{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/ASA-201701-40","reference_id":"ASA-201701-40","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-40"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://security.archlinux.org/AVG-158","reference_id":"AVG-158","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-158"},{"reference_url":"https://security.gentoo.org/glsa/201702-13","reference_id":"GLSA-201702-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201702-13"},{"reference_url":"https://security.gentoo.org/glsa/201702-22","reference_id":"GLSA-201702-22","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201702-22"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02","reference_id":"mfsa2017-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03","reference_id":"mfsa2017-03","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0190","reference_id":"RHSA-2017:0190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0190"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0238","reference_id":"RHSA-2017:0238","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0238"},{"reference_url":"https://usn.ubuntu.com/3165-1/","reference_id":"USN-3165-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3165-1/"},{"reference_url":"https://usn.ubuntu.com/3175-1/","reference_id":"USN-3175-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3175-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2017-5380"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yk3y-5my9-auak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1909?format=json","vulnerability_id":"VCID-yssr-7m7d-b7fh","summary":"Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2795.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2795.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2795","reference_id":"","reference_type":"","scores":[{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68793","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68833","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00565","scoring_system":"epss","scoring_elements":"0.68841","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2795"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795","reference_id":"1315795","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795","reference_id":"CVE-2016-2795","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-63","reference_id":"GLSA-201701-63","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-63"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37","reference_id":"mfsa2016-37","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0373","reference_id":"RHSA-2016:0373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0460","reference_id":"RHSA-2016:0460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0460"},{"reference_url":"https://usn.ubuntu.com/2917-1/","reference_id":"USN-2917-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2917-1/"},{"reference_url":"https://usn.ubuntu.com/2927-1/","reference_id":"USN-2927-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2927-1/"},{"reference_url":"https://usn.ubuntu.com/2934-1/","reference_id":"USN-2934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2934-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4048?format=json","purl":"pkg:deb/debian/icedove@38.7.0-1~deb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-1bx2-4ka7-w3cr"},{"vulnerability":"VCID-1es7-pnwd-pfdw"},{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2dx6-ehwy-xubu"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-3uny-z4bs-9bfk"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-4cyw-yxhd-77af"},{"vulnerability":"VCID-4eg8-dc82-fqd6"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4hgx-k5jn-ckeu"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-4r11-gv5n-rbhb"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-6xqg-t9fu-2kfk"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7hry-whqg-97gm"},{"vulnerability":"VCID-86p5-m5xh-wba9"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-9hcm-h8uk-xygz"},{"vulnerability":"VCID-9tuh-j2va-53hy"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-a5ee-c6f4-tufu"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-b1zu-35mw-jkdg"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-cr9v-b95v-eyha"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-dhjd-31cm-1fh6"},{"vulnerability":"VCID-dxam-cewh-63dt"},{"vulnerability":"VCID-e35v-ppxg-tkd1"},{"vulnerability":"VCID-eefa-gdnq-8kb7"},{"vulnerability":"VCID-egv5-6c33-tfb9"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-ftnc-qwd9-jubp"},{"vulnerability":"VCID-fxjs-kgb3-6bb7"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-jr76-2aht-uqb2"},{"vulnerability":"VCID-jubn-vjus-h3e8"},{"vulnerability":"VCID-k1rz-f92p-ducs"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-kcpz-uwq4-skf4"},{"vulnerability":"VCID-kkjv-tyxm-6ub7"},{"vulnerability":"VCID-ksda-d24x-8bcf"},{"vulnerability":"VCID-m1ve-ttqh-3ucn"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-mxj9-cgmx-zkg9"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s874-n3jb-23h1"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-ta8f-s9rp-dqc3"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vdup-4rw5-bke7"},{"vulnerability":"VCID-vfzf-pypu-qufk"},{"vulnerability":"VCID-vhgu-g4te-7bff"},{"vulnerability":"VCID-w3p3-evn1-eqgm"},{"vulnerability":"VCID-wbtg-ecpe-8bcy"},{"vulnerability":"VCID-wd34-8uw6-2uh4"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xmkv-47hn-43ck"},{"vulnerability":"VCID-xtbe-gv4p-23fn"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-yssr-7m7d-b7fh"},{"vulnerability":"VCID-zakg-k4hk-fyhm"},{"vulnerability":"VCID-zbxg-zh9z-n7gg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@38.7.0-1~deb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-2795"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yssr-7m7d-b7fh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/223?format=json","vulnerability_id":"VCID-zbxg-zh9z-n7gg","summary":"An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9904.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9904.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9904","reference_id":"","reference_type":"","scores":[{"value":"0.01192","scoring_system":"epss","scoring_elements":"0.79206","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01192","scoring_system":"epss","scoring_elements":"0.79182","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01192","scoring_system":"epss","scoring_elements":"0.79208","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01192","scoring_system":"epss","scoring_elements":"0.79214","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404091","reference_id":"1404091","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404091"},{"reference_url":"https://security.archlinux.org/ASA-201612-15","reference_id":"ASA-201612-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201612-15"},{"reference_url":"https://security.archlinux.org/AVG-106","reference_id":"AVG-106","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-106"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94","reference_id":"mfsa2016-94","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-94"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95","reference_id":"mfsa2016-95","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-95"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96","reference_id":"mfsa2016-96","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-96"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2946","reference_id":"RHSA-2016:2946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2946"},{"reference_url":"https://usn.ubuntu.com/3155-1/","reference_id":"USN-3155-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3155-1/"},{"reference_url":"https://usn.ubuntu.com/3165-1/","reference_id":"USN-3165-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3165-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4201?format=json","purl":"pkg:deb/debian/icedove@1:45.8.0-3~deb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j25-aujy-1fb3"},{"vulnerability":"VCID-1qr1-6zdx-fqd1"},{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-2ep2-61mb-cbd3"},{"vulnerability":"VCID-2nfu-kf32-myag"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-6pr4-1zfj-9ydj"},{"vulnerability":"VCID-6s7e-79u3-h7ed"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-8hfq-xxg6-tue8"},{"vulnerability":"VCID-abde-jm4w-5yde"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-bxpd-zacn-8bfv"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-njra-xv9f-ffck"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-ppw9-56ha-2bhm"},{"vulnerability":"VCID-s4se-eex7-h7a6"},{"vulnerability":"VCID-s8cd-xy2t-vyem"},{"vulnerability":"VCID-u7r9-ukbq-mkb4"},{"vulnerability":"VCID-uaga-tye9-gqg1"},{"vulnerability":"VCID-uh5h-t12y-h3b1"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-wxca-7hua-tubu"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-zakg-k4hk-fyhm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}],"aliases":["CVE-2016-9904"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zbxg-zh9z-n7gg"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icedove@1:45.8.0-3~deb8u1"}