{"url":"http://public2.vulnerablecode.io/api/packages/582172?format=json","purl":"pkg:deb/debian/firefox@50.0-1?distro=sid","type":"deb","namespace":"debian","name":"firefox","version":"50.0-1","qualifiers":{"distro":"sid"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"50.0.2-1","latest_non_vulnerable_version":"150.0.3-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62678?format=json","vulnerability_id":"VCID-1ur2-g3su-pqd3","summary":"A Cliqz.com developer demonstrated that web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5288.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5288.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5288","reference_id":"","reference_type":"","scores":[{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72465","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.727","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72648","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72612","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72638","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72692","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.7247","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72488","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72464","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72502","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72515","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72538","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.7252","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72511","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72553","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72563","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72595","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72604","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72601","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72593","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00722","scoring_system":"epss","scoring_elements":"0.72623","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5288"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1310183","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1310183"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-87/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-87/"},{"reference_url":"http://www.securityfocus.com/bid/93810","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/93810"},{"reference_url":"http://www.securitytracker.com/id/1037077","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037077"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1387588","reference_id":"1387588","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1387588"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5288","reference_id":"CVE-2016-5288","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5288"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-87","reference_id":"mfsa2016-87","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-87"},{"reference_url":"https://usn.ubuntu.com/3111-1/","reference_id":"USN-3111-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3111-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582172?format=json","purl":"pkg:deb/debian/firefox@50.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1112518?format=json","purl":"pkg:deb/debian/firefox@150.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2016-5288"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1ur2-g3su-pqd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56746?format=json","vulnerability_id":"VCID-3dea-vjmc-b7eb","summary":"Multiple vulnerabilities have been found in Mozilla Firefox and\n    Thunderbird the worst of which could lead to the execution of arbitrary\n    code.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2780.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-2780.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5297.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5297.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5297","reference_id":"","reference_type":"","scores":[{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.83058","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.82931","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.82935","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.82956","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.82976","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.82997","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.83012","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.83048","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.82795","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.82812","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.82825","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.82821","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.82846","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.82853","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.82869","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.82864","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.8286","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.82899","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.82898","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.829","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01818","scoring_system":"epss","scoring_elements":"0.82921","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5297"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1303678","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1303678"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.debian.org/security/2016/dsa-3730","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2016/dsa-3730"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-90/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-90/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-93/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-93/"},{"reference_url":"http://www.securityfocus.com/bid/94336","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94336"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395058","reference_id":"1395058","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395058"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5297","reference_id":"CVE-2016-5297","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5297"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93","reference_id":"mfsa2016-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2780","reference_id":"RHSA-2016:2780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2780"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"},{"reference_url":"https://usn.ubuntu.com/3141-1/","reference_id":"USN-3141-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3141-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582172?format=json","purl":"pkg:deb/debian/firefox@50.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1112518?format=json","purl":"pkg:deb/debian/firefox@150.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2016-5297"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3dea-vjmc-b7eb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62659?format=json","vulnerability_id":"VCID-47dr-szw4-ryfr","summary":"During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5292.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5292.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5292","reference_id":"","reference_type":"","scores":[{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.74956","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.75185","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.75112","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.75137","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.75118","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.75127","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.75179","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.74959","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.74988","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.74963","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.74997","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.75009","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.75031","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.7501","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.74999","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.75035","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.75043","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.75032","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.7507","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.75075","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.75079","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.75086","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5292"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1288482","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1288482"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"http://www.securityfocus.com/bid/94337","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94337"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395057","reference_id":"1395057","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395057"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5292","reference_id":"CVE-2016-5292","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5292"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582172?format=json","purl":"pkg:deb/debian/firefox@50.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1112518?format=json","purl":"pkg:deb/debian/firefox@150.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2016-5292"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-47dr-szw4-ryfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56742?format=json","vulnerability_id":"VCID-545u-wnrj-z3dh","summary":"Multiple vulnerabilities have been found in Mozilla Firefox and\n    Thunderbird the worst of which could lead to the execution of arbitrary\n    code.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2780.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-2780.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5291.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5291.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5291","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10985","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10813","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10751","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10695","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.1083","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10902","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10887","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10984","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10797","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10932","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10997","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10822","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10897","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.1095","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10951","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10918","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10895","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.1076","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10773","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10894","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.10853","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5291"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1292159","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1292159"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.debian.org/security/2016/dsa-3730","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2016/dsa-3730"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-90/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-90/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-93/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-93/"},{"reference_url":"http://www.securityfocus.com/bid/94336","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94336"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395065","reference_id":"1395065","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395065"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5291","reference_id":"CVE-2016-5291","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:C/I:N/A:N"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5291"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93","reference_id":"mfsa2016-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2780","reference_id":"RHSA-2016:2780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2780"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"},{"reference_url":"https://usn.ubuntu.com/3141-1/","reference_id":"USN-3141-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3141-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582172?format=json","purl":"pkg:deb/debian/firefox@50.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1112518?format=json","purl":"pkg:deb/debian/firefox@150.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2016-5291"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-545u-wnrj-z3dh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62664?format=json","vulnerability_id":"VCID-6cde-35h4-vqaj","summary":"An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9075.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9075.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9075","reference_id":"","reference_type":"","scores":[{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85417","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85658","published_at":"2026-05-15T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85585","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85604","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.856","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85613","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85649","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85429","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85449","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85452","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85472","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85481","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85495","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85493","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.8549","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85513","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85518","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85515","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85537","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85546","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85545","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85562","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9075"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1295324","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1295324"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"http://www.securityfocus.com/bid/94337","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94337"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395101","reference_id":"1395101","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395101"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9075","reference_id":"CVE-2016-9075","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9075"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582172?format=json","purl":"pkg:deb/debian/firefox@50.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1112518?format=json","purl":"pkg:deb/debian/firefox@150.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2016-9075"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6cde-35h4-vqaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62674?format=json","vulnerability_id":"VCID-6pk2-g77j-h3b2","summary":"An integer overflow during the parsing of XML using the Expat library.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9063.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9063.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9063","reference_id":"","reference_type":"","scores":[{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85074","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85195","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85198","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85189","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85165","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85167","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85166","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85145","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85086","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85104","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85108","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85129","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85136","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85148","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02427","scoring_system":"epss","scoring_elements":"0.85151","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0271","scoring_system":"epss","scoring_elements":"0.86066","published_at":"2026-05-15T12:55:00Z"},{"value":"0.0271","scoring_system":"epss","scoring_elements":"0.85967","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0271","scoring_system":"epss","scoring_elements":"0.85989","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0271","scoring_system":"epss","scoring_elements":"0.86007","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0271","scoring_system":"epss","scoring_elements":"0.86005","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0271","scoring_system":"epss","scoring_elements":"0.86018","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0271","scoring_system":"epss","scoring_elements":"0.86056","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9063"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1274777","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1274777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.debian.org/security/2017/dsa-3898","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-3898"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"http://www.securityfocus.com/bid/94337","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94337"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"http://www.securitytracker.com/id/1039427","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039427"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396540","reference_id":"1396540","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396540"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/ASA-201706-32","reference_id":"ASA-201706-32","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-32"},{"reference_url":"https://security.archlinux.org/ASA-201707-27","reference_id":"ASA-201707-27","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201707-27"},{"reference_url":"https://security.archlinux.org/AVG-305","reference_id":"AVG-305","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-305"},{"reference_url":"https://security.archlinux.org/AVG-306","reference_id":"AVG-306","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-306"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9063","reference_id":"CVE-2016-9063","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9063"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582172?format=json","purl":"pkg:deb/debian/firefox@50.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1112518?format=json","purl":"pkg:deb/debian/firefox@150.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2016-9063"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6pk2-g77j-h3b2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62671?format=json","vulnerability_id":"VCID-9gcq-8grt-vfhc","summary":"A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9070.json","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9070.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9070","reference_id":"","reference_type":"","scores":[{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71692","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71931","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71838","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71871","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71836","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71865","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71922","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71699","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71717","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71691","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71729","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71741","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71765","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71748","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71731","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71774","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.7178","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71762","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.7181","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71815","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71819","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00688","scoring_system":"epss","scoring_elements":"0.71805","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9070"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1281071","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1281071"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"http://www.securityfocus.com/bid/94337","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94337"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396549","reference_id":"1396549","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396549"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9070","reference_id":"CVE-2016-9070","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9070"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582172?format=json","purl":"pkg:deb/debian/firefox@50.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1112518?format=json","purl":"pkg:deb/debian/firefox@150.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2016-9070"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9gcq-8grt-vfhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84770?format=json","vulnerability_id":"VCID-9vy1-km8x-9fd3","summary":"firefox: Heap use-after-free in nsINode::ReplaceOrInsertBefore","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9069.json","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9069.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9069","reference_id":"","reference_type":"","scores":[{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48549","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48591","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48614","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48566","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.4862","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48616","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48633","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48607","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48619","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48669","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48664","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48605","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48615","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48565","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48481","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48542","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48568","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48513","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48543","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48638","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9069"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396539","reference_id":"1396539","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396539"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582172?format=json","purl":"pkg:deb/debian/firefox@50.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1112518?format=json","purl":"pkg:deb/debian/firefox@150.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2016-9069"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9vy1-km8x-9fd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62677?format=json","vulnerability_id":"VCID-cqtb-7t8w-rug2","summary":"A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5287.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5287.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5287","reference_id":"","reference_type":"","scores":[{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68295","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68559","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68499","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68465","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68491","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68548","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68315","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68335","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68311","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68362","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68379","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68405","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68393","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.6836","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68399","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68411","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68389","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68437","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68441","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68444","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68422","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68463","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5287"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1309823","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1309823"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-87/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-87/"},{"reference_url":"http://www.securityfocus.com/bid/93811","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/93811"},{"reference_url":"http://www.securitytracker.com/id/1037077","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037077"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1387586","reference_id":"1387586","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1387586"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5287","reference_id":"CVE-2016-5287","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5287"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-87","reference_id":"mfsa2016-87","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-87"},{"reference_url":"https://usn.ubuntu.com/3111-1/","reference_id":"USN-3111-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3111-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582172?format=json","purl":"pkg:deb/debian/firefox@50.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1112518?format=json","purl":"pkg:deb/debian/firefox@150.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2016-5287"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cqtb-7t8w-rug2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62665?format=json","vulnerability_id":"VCID-f8wd-xgwu-8kgm","summary":"Canvas allows the use of the feDisplacementMap filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9077.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9077.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9077","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38292","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37964","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37975","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37986","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.379","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37876","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37953","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.3843","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38454","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38318","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38368","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38376","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38393","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38356","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38331","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38379","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38358","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38295","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38136","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38112","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38019","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.37904","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9077"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1298552","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1298552"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"http://www.securityfocus.com/bid/94337","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94337"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395099","reference_id":"1395099","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395099"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9077","reference_id":"CVE-2016-9077","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9077"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582172?format=json","purl":"pkg:deb/debian/firefox@50.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1112518?format=json","purl":"pkg:deb/debian/firefox@150.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2016-9077"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f8wd-xgwu-8kgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62662?format=json","vulnerability_id":"VCID-jvy8-w1m2-ayaw","summary":"A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9068.json","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9068.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9068","reference_id":"","reference_type":"","scores":[{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82321","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82589","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82486","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82508","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82528","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82526","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82543","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82583","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82335","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82353","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82348","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82375","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82382","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82401","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82397","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82392","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82426","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82431","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82453","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82463","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01719","scoring_system":"epss","scoring_elements":"0.82467","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9068"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1302973","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1302973"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"http://www.securityfocus.com/bid/94337","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94337"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396542","reference_id":"1396542","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396542"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9068","reference_id":"CVE-2016-9068","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9068"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582172?format=json","purl":"pkg:deb/debian/firefox@50.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1112518?format=json","purl":"pkg:deb/debian/firefox@150.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2016-9068"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jvy8-w1m2-ayaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62675?format=json","vulnerability_id":"VCID-mdpv-kcbb-9ubj","summary":"Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9071.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9071.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9071","reference_id":"","reference_type":"","scores":[{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49208","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49312","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49212","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49241","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49191","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49218","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49292","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49239","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49267","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49219","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49273","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49269","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49288","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49261","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49266","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49313","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.4931","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49279","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49276","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49235","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49149","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9071"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1285003","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1285003"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"http://www.securityfocus.com/bid/94337","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94337"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395100","reference_id":"1395100","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395100"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9071","reference_id":"CVE-2016-9071","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9071"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582172?format=json","purl":"pkg:deb/debian/firefox@50.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1112518?format=json","purl":"pkg:deb/debian/firefox@150.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2016-9071"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mdpv-kcbb-9ubj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62661?format=json","vulnerability_id":"VCID-pybp-xzy7-q3a8","summary":"Two use-after-free errors during DOM operations resulting in potentially exploitable crashes.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9067.json","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9067.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9067","reference_id":"","reference_type":"","scores":[{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80097","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.8034","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80266","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80282","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80278","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80295","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80336","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80104","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80124","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80112","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.8014","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80147","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80166","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.8015","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80142","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80172","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80175","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80204","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80214","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80229","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01358","scoring_system":"epss","scoring_elements":"0.80244","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9067"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1301777","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1301777"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1308922","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1308922"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"http://www.securityfocus.com/bid/94337","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94337"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396539","reference_id":"1396539","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396539"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9067","reference_id":"CVE-2016-9067","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9067"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582172?format=json","purl":"pkg:deb/debian/firefox@50.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1112518?format=json","purl":"pkg:deb/debian/firefox@150.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2016-9067"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pybp-xzy7-q3a8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56741?format=json","vulnerability_id":"VCID-qptm-f15t-57gj","summary":"Multiple vulnerabilities have been found in Mozilla Firefox and\n    Thunderbird the worst of which could lead to the execution of arbitrary\n    code.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2780.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-2780.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2825.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-2825.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5290.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5290.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5290","reference_id":"","reference_type":"","scores":[{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83323","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83188","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83195","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83219","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83241","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83261","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83277","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83311","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83051","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83067","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83081","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83079","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83103","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83111","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83127","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83121","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83117","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83154","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83155","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83158","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01874","scoring_system":"epss","scoring_elements":"0.83181","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5290"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1309720%2C1297062%2C1303710%2C1018486%2C1292590%2C1301343%2C1301496%2C1308048%2C1308346%2C1299519%2C1286911%2C1298169","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1309720%2C1297062%2C1303710%2C1018486%2C1292590%2C1301343%2C1301496%2C1308048%2C1308346%2C1299519%2C1286911%2C1298169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.debian.org/security/2016/dsa-3730","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2016/dsa-3730"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-90/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-90/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-93/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-93/"},{"reference_url":"http://www.securityfocus.com/bid/94335","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94335"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395066","reference_id":"1395066","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395066"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5290","reference_id":"CVE-2016-5290","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5290"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93","reference_id":"mfsa2016-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2780","reference_id":"RHSA-2016:2780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2825","reference_id":"RHSA-2016:2825","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2825"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"},{"reference_url":"https://usn.ubuntu.com/3141-1/","reference_id":"USN-3141-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3141-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582172?format=json","purl":"pkg:deb/debian/firefox@50.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1112518?format=json","purl":"pkg:deb/debian/firefox@150.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2016-5290"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qptm-f15t-57gj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62676?format=json","vulnerability_id":"VCID-rz6b-kepf-cfg9","summary":"Mozilla developers and community members Christian Holler, Andrew McCreight, Dan Minor, Tyson Smith, Jon Coppeard, Jan-Ivar Bruaroey, Jesse Ruderman, and Markus Stange reported memory safety bugs present in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5289.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5289.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5289","reference_id":"","reference_type":"","scores":[{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82765","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.83028","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82947","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82968","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82967","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82982","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.83019","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82781","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82795","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82791","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82816","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82822","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82839","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82834","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.8283","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82869","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82871","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82893","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82902","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82907","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01811","scoring_system":"epss","scoring_elements":"0.82927","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5289"},{"reference_url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1296649%2C1298107%2C1300129%2C1305876%2C1314667%2C1301252%2C1277866%2C1307254%2C1252511%2C1264053","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1296649%2C1298107%2C1300129%2C1305876%2C1314667%2C1301252%2C1277866%2C1307254%2C1252511%2C1264053"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"http://www.securityfocus.com/bid/94337","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94337"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395098","reference_id":"1395098","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395098"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5289","reference_id":"CVE-2016-5289","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5289"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582172?format=json","purl":"pkg:deb/debian/firefox@50.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1112518?format=json","purl":"pkg:deb/debian/firefox@150.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2016-5289"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rz6b-kepf-cfg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56747?format=json","vulnerability_id":"VCID-swmb-24y4-1kau","summary":"Multiple vulnerabilities have been found in Mozilla Firefox and\n    Thunderbird the worst of which could lead to the execution of arbitrary\n    code.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2780.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-2780.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9064.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9064.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9064","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50809","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.5073","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50651","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50736","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.5069","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50723","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50797","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50704","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50758","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50783","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50739","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50795","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50792","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50835","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50811","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50796","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50834","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.5084","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50819","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50767","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50776","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9064"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1303418","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1303418"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-90/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-90/"},{"reference_url":"http://www.securityfocus.com/bid/94336","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94336"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395060","reference_id":"1395060","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395060"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9064","reference_id":"CVE-2016-9064","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9064"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2780","reference_id":"RHSA-2016:2780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2780"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582172?format=json","purl":"pkg:deb/debian/firefox@50.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1112518?format=json","purl":"pkg:deb/debian/firefox@150.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2016-9064"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-swmb-24y4-1kau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56748?format=json","vulnerability_id":"VCID-tgya-wnfn-t7eb","summary":"Multiple vulnerabilities have been found in Mozilla Firefox and\n    Thunderbird the worst of which could lead to the execution of arbitrary\n    code.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2780.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-2780.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9066.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9066.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9066","reference_id":"","reference_type":"","scores":[{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95646","published_at":"2026-05-15T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95595","published_at":"2026-04-29T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95611","published_at":"2026-05-05T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95615","published_at":"2026-05-07T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95621","published_at":"2026-05-09T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95627","published_at":"2026-05-11T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95632","published_at":"2026-05-12T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95645","published_at":"2026-05-14T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95544","published_at":"2026-04-01T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95553","published_at":"2026-04-02T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95558","published_at":"2026-04-04T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95561","published_at":"2026-04-07T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95568","published_at":"2026-04-08T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95571","published_at":"2026-04-09T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95575","published_at":"2026-04-11T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95577","published_at":"2026-04-12T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95578","published_at":"2026-04-13T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95587","published_at":"2026-04-16T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95592","published_at":"2026-04-18T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95593","published_at":"2026-04-21T12:55:00Z"},{"value":"0.20609","scoring_system":"epss","scoring_elements":"0.95594","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9066"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1299686","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1299686"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.debian.org/security/2016/dsa-3730","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2016/dsa-3730"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-90/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-90/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-93/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-93/"},{"reference_url":"http://www.securityfocus.com/bid/94336","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94336"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395061","reference_id":"1395061","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395061"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9066","reference_id":"CVE-2016-9066","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9066"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93","reference_id":"mfsa2016-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2780","reference_id":"RHSA-2016:2780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2780"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"},{"reference_url":"https://usn.ubuntu.com/3141-1/","reference_id":"USN-3141-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3141-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582172?format=json","purl":"pkg:deb/debian/firefox@50.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1112518?format=json","purl":"pkg:deb/debian/firefox@150.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2016-9066"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tgya-wnfn-t7eb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62672?format=json","vulnerability_id":"VCID-v28j-cvrw-p3c7","summary":"WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9073.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9073.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9073","reference_id":"","reference_type":"","scores":[{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.7412","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74342","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.7427","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74294","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74257","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.7428","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74336","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74125","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74151","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74123","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74156","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.7417","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74192","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74174","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74167","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74205","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74214","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74206","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.7424","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.7425","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74248","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00807","scoring_system":"epss","scoring_elements":"0.74242","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9073"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1289273","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1289273"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"http://www.securityfocus.com/bid/94337","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94337"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396545","reference_id":"1396545","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396545"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9073","reference_id":"CVE-2016-9073","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9073"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582172?format=json","purl":"pkg:deb/debian/firefox@50.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1112518?format=json","purl":"pkg:deb/debian/firefox@150.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2016-9073"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v28j-cvrw-p3c7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56745?format=json","vulnerability_id":"VCID-yegk-sgdn-z3ae","summary":"Multiple vulnerabilities have been found in Mozilla Firefox and\n    Thunderbird the worst of which could lead to the execution of arbitrary\n    code.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2780.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-2780.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5296.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5296.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5296","reference_id":"","reference_type":"","scores":[{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85707","published_at":"2026-05-15T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85597","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85614","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85637","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85655","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85649","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85662","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85698","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85469","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85481","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85498","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85502","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85522","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85531","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85545","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85544","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.8554","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85563","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85569","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85565","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85586","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0257","scoring_system":"epss","scoring_elements":"0.85596","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5296"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1292443","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1292443"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.debian.org/security/2016/dsa-3730","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2016/dsa-3730"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-90/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-90/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-93/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-93/"},{"reference_url":"http://www.securityfocus.com/bid/94339","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94339"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395055","reference_id":"1395055","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395055"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5296","reference_id":"CVE-2016-5296","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5296"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93","reference_id":"mfsa2016-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2780","reference_id":"RHSA-2016:2780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2780"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"},{"reference_url":"https://usn.ubuntu.com/3141-1/","reference_id":"USN-3141-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3141-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582172?format=json","purl":"pkg:deb/debian/firefox@50.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1112518?format=json","purl":"pkg:deb/debian/firefox@150.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2016-5296"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yegk-sgdn-z3ae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62673?format=json","vulnerability_id":"VCID-yy4z-p3f1-qbbc","summary":"An issue where a <select> dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9076.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9076.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9076","reference_id":"","reference_type":"","scores":[{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67067","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67317","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67209","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67247","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67219","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67243","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67305","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67104","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67127","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67102","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67152","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67164","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67183","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67169","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67139","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67172","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67186","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67167","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67188","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00528","scoring_system":"epss","scoring_elements":"0.67199","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9076"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1276976","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1276976"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"http://www.securityfocus.com/bid/94337","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94337"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396537","reference_id":"1396537","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396537"},{"reference_url":"https://security.archlinux.org/ASA-201611-16","reference_id":"ASA-201611-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201611-16"},{"reference_url":"https://security.archlinux.org/AVG-72","reference_id":"AVG-72","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-72"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9076","reference_id":"CVE-2016-9076","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9076"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://usn.ubuntu.com/3124-1/","reference_id":"USN-3124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3124-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582172?format=json","purl":"pkg:deb/debian/firefox@50.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582059?format=json","purl":"pkg:deb/debian/firefox@149.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1059611?format=json","purl":"pkg:deb/debian/firefox@149.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1076056?format=json","purl":"pkg:deb/debian/firefox@150.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1088670?format=json","purl":"pkg:deb/debian/firefox@150.0.1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1105248?format=json","purl":"pkg:deb/debian/firefox@150.0.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1112518?format=json","purl":"pkg:deb/debian/firefox@150.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0.3-1%3Fdistro=sid"}],"aliases":["CVE-2016-9076"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yy4z-p3f1-qbbc"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0-1%3Fdistro=sid"}