Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-jmq5-4n83-nffw

Summary arbitrary code execution

Aliases

alias	CVE-2016-9079

Fixed_packages

url pkg:alpm/archlinux/firefox@50.0.2-1

purl pkg:alpm/archlinux/firefox@50.0.2-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ej9-utsz-u7b9

vulnerability	VCID-58q3-np68-bbey

vulnerability	VCID-6vcq-8xq7-qbay

vulnerability	VCID-77hc-zdvp-aucu

vulnerability	VCID-9ahb-kc27-nyf4

vulnerability	VCID-c2vx-sjq1-nffw

vulnerability	VCID-dfc7-yzyg-3bat

vulnerability	VCID-ptsk-8nru-tkha

vulnerability	VCID-r1sj-t3v4-skcb

vulnerability	VCID-udta-hgj2-ffet

vulnerability	VCID-vmwa-u264-e3hz

vulnerability	VCID-vrz7-r89u-xqa6

vulnerability	VCID-ycsq-ag1f-j7gs

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0.2-1

url	pkg:alpm/archlinux/thunderbird@45.5.1-1
purl	pkg:alpm/archlinux/thunderbird@45.5.1-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/thunderbird@45.5.1-1

url	pkg:deb/debian/firefox@50.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@50.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@50.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox@151.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@151.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.2-1%3Fdistro=sid

url	pkg:deb/debian/firefox-esr@45.5.1esr-1?distro=trixie
purl	pkg:deb/debian/firefox-esr@45.5.1esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@45.5.1esr-1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8n69-6muc-dqae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8n69-6muc-dqae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8n69-6muc-dqae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.11.0esr-1%3Fdistro=trixie

url	pkg:ebuild/mail-client/thunderbird@45.6.0
purl	pkg:ebuild/mail-client/thunderbird@45.6.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@45.6.0

url	pkg:ebuild/mail-client/thunderbird-bin@45.6.0
purl	pkg:ebuild/mail-client/thunderbird-bin@45.6.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird-bin@45.6.0

url	pkg:ebuild/www-client/firefox@45.6.0
purl	pkg:ebuild/www-client/firefox@45.6.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/firefox@45.6.0

url	pkg:ebuild/www-client/firefox-bin@45.6.0
purl	pkg:ebuild/www-client/firefox-bin@45.6.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/firefox-bin@45.6.0

url	pkg:ebuild/www-client/seamonkey@2.46-r1
purl	pkg:ebuild/www-client/seamonkey@2.46-r1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/seamonkey@2.46-r1

url	pkg:ebuild/www-client/seamonkey-bin@2.46
purl	pkg:ebuild/www-client/seamonkey-bin@2.46
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/seamonkey-bin@2.46

url	pkg:ebuild/www-client/seamonkey-bin@2.46-r1
purl	pkg:ebuild/www-client/seamonkey-bin@2.46-r1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/seamonkey-bin@2.46-r1

url	pkg:mozilla/Firefox@50.0.2
purl	pkg:mozilla/Firefox@50.0.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@50.0.2

url	pkg:mozilla/Firefox%20ESR@45.5.1
purl	pkg:mozilla/Firefox%20ESR@45.5.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@45.5.1

url	pkg:mozilla/Thunderbird@45.5.1
purl	pkg:mozilla/Thunderbird@45.5.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@45.5.1

Affected_packages

url pkg:alpm/archlinux/firefox@50.0-1

purl pkg:alpm/archlinux/firefox@50.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jmq5-4n83-nffw

vulnerability	VCID-r87a-q6x9-qkcv

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1

url pkg:alpm/archlinux/thunderbird@45.5.0-1

purl pkg:alpm/archlinux/thunderbird@45.5.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-jmq5-4n83-nffw

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/thunderbird@45.5.0-1

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9079

reference_id

reference_type

scores

value	0.84813
scoring_system	epss
scoring_elements	0.99356
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9079

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

http://www.securitytracker.com/id/1037370

reference_id

1037370

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/

url

http://www.securitytracker.com/id/1037370

reference_url

https://www.exploit-db.com/exploits/41151/

reference_id

41151

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/

url

https://www.exploit-db.com/exploits/41151/

reference_url

https://www.exploit-db.com/exploits/42327/

reference_id

42327

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/

url

https://www.exploit-db.com/exploits/42327/

reference_url

http://www.securityfocus.com/bid/94591

reference_id

94591

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/

url

http://www.securityfocus.com/bid/94591

reference_url	https://security.archlinux.org/ASA-201612-1
reference_id	ASA-201612-1
reference_type
scores
url	https://security.archlinux.org/ASA-201612-1

reference_url	https://security.archlinux.org/ASA-201612-2
reference_id	ASA-201612-2
reference_type
scores
url	https://security.archlinux.org/ASA-201612-2

reference_url

https://security.archlinux.org/AVG-90

reference_id

AVG-90

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-90

reference_url

https://security.archlinux.org/AVG-91

reference_id

AVG-91

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-91

reference_url	https://github.com/rapid7/metasploit-framework/blob/f4db90edeb7f03ce1e95f5898954cbea7e13ff6c/modules/exploits/windows/browser/firefox_smil_uaf.rb
reference_id	CVE-2016-9079
reference_type	exploit
scores
url	https://github.com/rapid7/metasploit-framework/blob/f4db90edeb7f03ce1e95f5898954cbea7e13ff6c/modules/exploits/windows/browser/firefox_smil_uaf.rb

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/41151.rb
reference_id	CVE-2016-9079
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/41151.rb

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/42327.html
reference_id	CVE-2017-5375;CVE-2016-9079
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/42327.html

reference_url	https://rh0dev.github.io/blog/2017/the-return-of-the-jit/
reference_id	CVE-2017-5375;CVE-2016-9079
reference_type	exploit
scores
url	https://rh0dev.github.io/blog/2017/the-return-of-the-jit/

reference_url

https://www.debian.org/security/2016/dsa-3730

reference_id

dsa-3730

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/

url

https://www.debian.org/security/2016/dsa-3730

reference_url

https://security.gentoo.org/glsa/201701-15

reference_id

GLSA-201701-15

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/

url

https://security.gentoo.org/glsa/201701-15

reference_url

https://security.gentoo.org/glsa/201701-35

reference_id

GLSA-201701-35

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/

url

https://security.gentoo.org/glsa/201701-35

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-92

reference_id

mfsa2016-92

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-92

reference_url

https://www.mozilla.org/security/advisories/mfsa2016-92/

reference_id

mfsa2016-92

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/

url

https://www.mozilla.org/security/advisories/mfsa2016-92/

reference_url

http://rhn.redhat.com/errata/RHSA-2016-2843.html

reference_id

RHSA-2016-2843.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/

url

http://rhn.redhat.com/errata/RHSA-2016-2843.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-2850.html

reference_id

RHSA-2016-2850.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/

url

http://rhn.redhat.com/errata/RHSA-2016-2850.html

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1321066

reference_id

show_bug.cgi?id=1321066

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1321066

reference_url	https://usn.ubuntu.com/3140-1/
reference_id	USN-3140-1
reference_type
scores
url	https://usn.ubuntu.com/3140-1/

reference_url	https://usn.ubuntu.com/3141-1/
reference_id	USN-3141-1
reference_type
scores
url	https://usn.ubuntu.com/3141-1/

Weaknesses

Exploits

date_added	2023-06-22
description	Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows.
required_action	Apply updates per vendor instructions.
due_date	2023-07-13
notes	https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/#CVE-2016-9079; https://nvd.nist.gov/vuln/detail/CVE-2016-9079
known_ransomware_campaign_use	`false`
source_date_published	`null`
exploit_type	`null`
platform	`null`
source_date_updated	`null`
data_source	KEV
source_url	`null`

date_added	`null`
description	This module exploits an out-of-bounds indexing/use-after-free condition present in nsSMILTimeContainer::NotifyTimeChange() across numerous versions of Mozilla Firefox on Microsoft Windows.
required_action	`null`
due_date	`null`
notes	Reliability: - unknown-reliability Stability: - unknown-stability SideEffects: - unknown-side-effects
known_ransomware_campaign_use	`false`
source_date_published	2016-11-30
exploit_type	`null`
platform	Windows
source_date_updated	`null`
data_source	Metasploit
source_url	https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/windows/browser/firefox_smil_uaf.rb

date_added	2017-01-24
description	Mozilla Firefox < 50.0.2 - 'nsSMILTimeContainer::NotifyTimeChange()' Remote Code Execution (Metasploit)
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`true`
source_date_published	2017-01-24
exploit_type	remote
platform	windows
source_date_updated	2017-01-25
data_source	Exploit-DB
source_url	https://github.com/rapid7/metasploit-framework/blob/f4db90edeb7f03ce1e95f5898954cbea7e13ff6c/modules/exploits/windows/browser/firefox_smil_uaf.rb

Severity_range_score 6.8 - 10.0

Exploitability 2.0

Weighted_severity 9.0

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jmq5-4n83-nffw

Vulnerability Instance