{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/685?format=json","vulnerability_id":"VCID-7h8u-eu8y-1kha","summary":"The mozAddonManager allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites.","aliases":[{"alias":"CVE-2017-5393"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1900?format=json","purl":"pkg:alpm/archlinux/firefox@51.0.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-173r-g4tm-tbdk"},{"vulnerability":"VCID-1jrf-kzc8-87b8"},{"vulnerability":"VCID-41k8-gnnn-17hp"},{"vulnerability":"VCID-4gky-p4gv-u7cw"},{"vulnerability":"VCID-4ncv-bsfh-kufk"},{"vulnerability":"VCID-53n9-hyzh-yyaz"},{"vulnerability":"VCID-5ptb-5a8k-27ff"},{"vulnerability":"VCID-5vdw-pucj-83df"},{"vulnerability":"VCID-6rhu-j1hm-5yc5"},{"vulnerability":"VCID-7rvf-ac7d-6fa6"},{"vulnerability":"VCID-96xh-fdtu-5fh3"},{"vulnerability":"VCID-9ymk-b2sg-3bfh"},{"vulnerability":"VCID-d5gv-m4u7-3bfc"},{"vulnerability":"VCID-ddhr-r6rr-q7ah"},{"vulnerability":"VCID-e2vh-ny9f-vugv"},{"vulnerability":"VCID-ez33-vkty-bkcx"},{"vulnerability":"VCID-hdfp-hcar-hqdj"},{"vulnerability":"VCID-jc41-75ha-97c9"},{"vulnerability":"VCID-kxgc-ypqu-9fd9"},{"vulnerability":"VCID-m2ee-rr9r-u3ge"},{"vulnerability":"VCID-m4jq-6tmd-p7gh"},{"vulnerability":"VCID-nv26-s56m-vkdh"},{"vulnerability":"VCID-rmrk-stbr-tbf7"},{"vulnerability":"VCID-wx4s-73zs-cfap"},{"vulnerability":"VCID-xtbe-gv4p-23fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@51.0.1-1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1914?format=json","purl":"pkg:alpm/archlinux/firefox@50.1.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-11uz-v7pw-v7hw"},{"vulnerability":"VCID-3am9-1vdf-27gt"},{"vulnerability":"VCID-442s-jgvp-gfav"},{"vulnerability":"VCID-52sd-uf2t-wkam"},{"vulnerability":"VCID-5m57-7cch-v3ga"},{"vulnerability":"VCID-7h8u-eu8y-1kha"},{"vulnerability":"VCID-bn6e-q2fz-7fba"},{"vulnerability":"VCID-d6tp-qmay-tbf6"},{"vulnerability":"VCID-fhdf-bwes-dkbc"},{"vulnerability":"VCID-hhp4-mh9x-pkfc"},{"vulnerability":"VCID-m7n2-1ppv-jfcm"},{"vulnerability":"VCID-n9bg-836z-abb8"},{"vulnerability":"VCID-qp5g-hk6b-8qck"},{"vulnerability":"VCID-t84w-xvmd-sudf"},{"vulnerability":"VCID-urn6-j25v-pkdz"},{"vulnerability":"VCID-vz3w-t1uk-ubb7"},{"vulnerability":"VCID-w6s6-79aa-ubg4"},{"vulnerability":"VCID-w7y8-j3y5-v3ex"},{"vulnerability":"VCID-yk3y-5my9-auak"},{"vulnerability":"VCID-zd5k-c12h-c3ae"},{"vulnerability":"VCID-zysf-gywg-qyga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.1.0-1"}],"references":[{"reference_url":"https://security.archlinux.org/ASA-201701-39","reference_id":"ASA-201701-39","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-39"},{"reference_url":"https://security.archlinux.org/AVG-157","reference_id":"AVG-157","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-157"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01","reference_id":"mfsa2017-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-01"}],"weaknesses":[],"exploits":[],"severity_range_score":"9.0 - 10.0","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7h8u-eu8y-1kha"}