[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2016-2838":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":68,"aliases":69,"duplicate_of":9,"upstream":70,"downstream":71,"duplicates":102,"related":103,"reserved_at":9,"published_at":113,"modified_at":114,"state":115,"summary":116,"references_raw":125,"kevs":183,"epss":184,"epss_history":187,"metrics":443,"affected":454},"CVE-2016-2838","Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-119","Improper Restriction of Operations within the Bounds of a Memory Buffer","The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.","weakness","Stable","Class","High",[20,24,28,32,36,40,44,48,52,56,60,64],{"id":21,"name":22,"techniques":23},"CAPEC-10","Buffer Overflow via Environment Variables",[],{"id":25,"name":26,"techniques":27},"CAPEC-100","Overflow Buffers",[],{"id":29,"name":30,"techniques":31},"CAPEC-123","Buffer Manipulation",[],{"id":33,"name":34,"techniques":35},"CAPEC-14","Client-side Injection-induced Buffer Overflow",[],{"id":37,"name":38,"techniques":39},"CAPEC-24","Filter Failure through Buffer Overflow",[],{"id":41,"name":42,"techniques":43},"CAPEC-42","MIME Conversion",[],{"id":45,"name":46,"techniques":47},"CAPEC-44","Overflow Binary Resource File",[],{"id":49,"name":50,"techniques":51},"CAPEC-45","Buffer Overflow via Symbolic Links",[],{"id":53,"name":54,"techniques":55},"CAPEC-46","Overflow Variables and Tags",[],{"id":57,"name":58,"techniques":59},"CAPEC-47","Buffer Overflow via Parameter Expansion",[],{"id":61,"name":62,"techniques":63},"CAPEC-8","Buffer Overflow in an API Call",[],{"id":65,"name":66,"techniques":67},"CAPEC-9","Buffer Overflow in Local Command-Line Utilities",[],[],[],[],[72,74,76,78,80,82,84,86,88,90,92,94,96,98,100],{"_key":73},"RHSA-2016:1551",{"_key":75},"OPENSUSE-SU-2024:10071-1",{"_key":77},"SUSE-SU-2016:2061-1",{"_key":79},"SUSE-SU-2016:2131-1",{"_key":81},"SUSE-SU-2016:2195-1",{"_key":83},"OPENSUSE-SU-2016:2253-1",{"_key":85},"OPENSUSE-SU-2016:2254-1",{"_key":87},"OPENSUSE-SU-2024:10230-1",{"_key":89},"OPENSUSE-SU-2024:14572-1",{"_key":91},"DLA-585-1",{"_key":93},"DSA-3640-1",{"_key":95},"MGASA-2016-0278",{"_key":97},"UBUNTU-CVE-2016-2838",{"_key":99},"USN-3044-1",{"_key":101},"DEBIAN-CVE-2016-2838",[],[104,105,106,107,108,109,110,111,112],{"_key":75},{"_key":77},{"_key":79},{"_key":81},{"_key":83},{"_key":85},{"_key":87},{"_key":89},{"_key":95},"2016-08-05T01:00:00.000Z","2024-08-05T23:32:21.324Z","Modified",{"cisa_kev":117,"cisa_ransomware":117,"cisa_vendor":9,"epss_severity":118,"epss_score":119,"severity":120,"severity_score":121,"severity_version":122,"severity_source":123,"severity_vector":124,"severity_status":115},false,"low",0.01155,"high",8.8,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",[126,133,139,144,149,153,158,164,169,174,179],{"url":127,"sources":128,"tags":130},"http://www.debian.org/security/2016/dsa-3640",[129,123],"cve.org",[131,132],"Vendor Advisory","X Refsource DEBIAN",{"url":134,"sources":135,"tags":136},"http://www.securitytracker.com/id/1036508",[129,123],[137,138],"VDB Entry","X Refsource SECTRACK",{"url":140,"sources":141,"tags":142},"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",[129,123],[143],"X Refsource CONFIRM",{"url":145,"sources":146,"tags":147},"http://www.ubuntu.com/usn/USN-3044-1",[129,123],[131,148],"X Refsource UBUNTU",{"url":150,"sources":151,"tags":152},"http://www.mozilla.org/security/announce/2016/mfsa2016-64.html",[129,123],[143,131],{"url":154,"sources":155,"tags":156},"http://rhn.redhat.com/errata/RHSA-2016-1551.html",[129,123],[131,157],"X Refsource REDHAT",{"url":159,"sources":160,"tags":161},"https://bugzilla.mozilla.org/show_bug.cgi?id=1279814",[129,123],[143,162,163],"Issue Tracking","Permissions Required",{"url":165,"sources":166,"tags":167},"https://security.gentoo.org/glsa/201701-15",[129,123],[131,168],"X Refsource GENTOO",{"url":170,"sources":171,"tags":172},"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html",[129,123],[131,173],"X Refsource SUSE",{"url":175,"sources":176,"tags":177},"http://www.securityfocus.com/bid/92261",[129,123],[137,178],"X Refsource BID",{"url":180,"sources":181,"tags":182},"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html",[129,123],[131,173],[],{"date":185,"score":119,"percentile":186},"2026-06-04",0.78881,[188,192,195,198,201,204,207,210,213,216,219,222,224,226,228,231,234,237,239,242,245,248,250,252,255,258,261,264,267,270,273,276,279,282,285,288,291,294,297,300,303,306,309,311,313,316,319,321,323,326,329,332,335,338,341,344,347,349,352,355,358,360,363,366,368,370,373,375,378,381,383,386,390,393,396,399,402,405,408,411,414,417,420,423,426,429,431,434,437,440],{"date":189,"score":190,"percentile":191},"2025-11-04",0.03072,0.86227,{"date":193,"score":190,"percentile":194},"2025-11-05",0.8623,{"date":196,"score":190,"percentile":197},"2025-11-06",0.86229,{"date":199,"score":190,"percentile":200},"2025-11-07",0.86238,{"date":202,"score":190,"percentile":203},"2025-11-08",0.86241,{"date":205,"score":190,"percentile":206},"2025-11-09",0.86235,{"date":208,"score":190,"percentile":209},"2025-11-10",0.86236,{"date":211,"score":190,"percentile":212},"2025-11-11",0.8624,{"date":214,"score":190,"percentile":215},"2025-11-12",0.86251,{"date":217,"score":190,"percentile":218},"2025-11-13",0.86257,{"date":220,"score":190,"percentile":221},"2025-11-14",0.8626,{"date":223,"score":190,"percentile":215},"2025-11-15",{"date":225,"score":190,"percentile":215},"2025-11-16",{"date":227,"score":190,"percentile":203},"2025-11-17",{"date":229,"score":190,"percentile":230},"2025-11-18",0.85503,{"date":232,"score":190,"percentile":233},"2025-11-19",0.85506,{"date":235,"score":190,"percentile":236},"2025-11-20",0.85507,{"date":238,"score":190,"percentile":215},"2025-11-21",{"date":240,"score":190,"percentile":241},"2025-11-22",0.86247,{"date":243,"score":190,"percentile":244},"2025-11-23",0.86242,{"date":246,"score":190,"percentile":247},"2025-11-24",0.86244,{"date":249,"score":190,"percentile":247},"2025-11-25",{"date":251,"score":190,"percentile":247},"2025-11-26",{"date":253,"score":190,"percentile":254},"2025-11-27",0.86245,{"date":256,"score":190,"percentile":257},"2025-11-28",0.86226,{"date":259,"score":190,"percentile":260},"2025-11-29",0.86298,{"date":262,"score":190,"percentile":263},"2025-11-30",0.86297,{"date":265,"score":190,"percentile":266},"2025-12-01",0.8635,{"date":268,"score":190,"percentile":269},"2025-12-02",0.86352,{"date":271,"score":190,"percentile":272},"2025-12-03",0.86351,{"date":274,"score":190,"percentile":275},"2025-12-04",0.86289,{"date":277,"score":190,"percentile":278},"2025-12-05",0.8629,{"date":280,"score":190,"percentile":281},"2025-12-06",0.86287,{"date":283,"score":190,"percentile":284},"2025-12-07",0.86274,{"date":286,"score":190,"percentile":287},"2025-12-08",0.86273,{"date":289,"score":190,"percentile":290},"2025-12-09",0.86281,{"date":292,"score":190,"percentile":293},"2025-12-10",0.86301,{"date":295,"score":190,"percentile":296},"2025-12-11",0.86308,{"date":298,"score":190,"percentile":299},"2025-12-12",0.8631,{"date":301,"score":190,"percentile":302},"2025-12-13",0.86306,{"date":304,"score":190,"percentile":305},"2025-12-14",0.86302,{"date":307,"score":190,"percentile":308},"2025-12-15",0.86299,{"date":310,"score":190,"percentile":302},"2025-12-16",{"date":312,"score":190,"percentile":299},"2025-12-17",{"date":314,"score":190,"percentile":315},"2025-12-18",0.86319,{"date":317,"score":190,"percentile":318},"2025-12-19",0.86321,{"date":320,"score":190,"percentile":315},"2025-12-20",{"date":322,"score":190,"percentile":318},"2025-12-21",{"date":324,"score":190,"percentile":325},"2025-12-22",0.86312,{"date":327,"score":190,"percentile":328},"2025-12-23",0.86315,{"date":330,"score":190,"percentile":331},"2025-12-24",0.8632,{"date":333,"score":190,"percentile":334},"2025-12-25",0.86332,{"date":336,"score":190,"percentile":337},"2025-12-26",0.86336,{"date":339,"score":190,"percentile":340},"2025-12-27",0.86379,{"date":342,"score":190,"percentile":343},"2025-12-28",0.86329,{"date":345,"score":190,"percentile":346},"2025-12-29",0.86323,{"date":348,"score":190,"percentile":343},"2025-12-30",{"date":350,"score":190,"percentile":351},"2025-12-31",0.86339,{"date":353,"score":190,"percentile":354},"2026-01-01",0.86397,{"date":356,"score":190,"percentile":357},"2026-01-02",0.864,{"date":359,"score":190,"percentile":357},"2026-01-03",{"date":361,"score":190,"percentile":362},"2026-01-04",0.86341,{"date":364,"score":190,"percentile":365},"2026-01-05",0.86337,{"date":367,"score":190,"percentile":351},"2026-01-06",{"date":369,"score":190,"percentile":351},"2026-01-07",{"date":371,"score":190,"percentile":372},"2026-01-08",0.86349,{"date":374,"score":190,"percentile":372},"2026-01-09",{"date":376,"score":190,"percentile":377},"2026-01-10",0.86347,{"date":379,"score":190,"percentile":380},"2026-01-11",0.8634,{"date":382,"score":190,"percentile":365},"2026-01-12",{"date":384,"score":190,"percentile":385},"2026-01-13",0.86334,{"date":387,"score":388,"percentile":389},"2026-01-14",0.00853,0.74439,{"date":391,"score":388,"percentile":392},"2026-01-15",0.74446,{"date":394,"score":388,"percentile":395},"2026-01-16",0.74462,{"date":397,"score":388,"percentile":398},"2026-01-17",0.74458,{"date":400,"score":388,"percentile":401},"2026-01-18",0.74434,{"date":403,"score":388,"percentile":404},"2026-01-19",0.74423,{"date":406,"score":388,"percentile":407},"2026-01-20",0.7443,{"date":409,"score":388,"percentile":410},"2026-01-21",0.74435,{"date":412,"score":388,"percentile":413},"2026-01-22",0.7444,{"date":415,"score":388,"percentile":416},"2026-01-23",0.74469,{"date":418,"score":388,"percentile":419},"2026-01-24",0.74477,{"date":421,"score":388,"percentile":422},"2026-01-25",0.74461,{"date":424,"score":388,"percentile":425},"2026-01-26",0.74459,{"date":427,"score":388,"percentile":428},"2026-01-27",0.74468,{"date":430,"score":388,"percentile":419},"2026-01-28",{"date":432,"score":388,"percentile":433},"2026-01-29",0.74475,{"date":435,"score":388,"percentile":436},"2026-01-30",0.74476,{"date":438,"score":388,"percentile":439},"2026-01-31",0.74481,{"date":441,"score":388,"percentile":442},"2026-02-01",0.74602,[444],{"source":123,"cvss_v2_0":445,"cvss_v3_0":450,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":446,"baseSeverity":9,"vectorString":447,"impactScore":448,"exploitabilityScore":449},6.8,"AV:N/AC:M/Au:N/C:P/I:P/A:P",6.4,8.6,{"baseScore":121,"baseSeverity":451,"vectorString":124,"impactScore":452,"exploitabilityScore":453},"HIGH",9.8,7.2,[455],{"ecosystem":9,"name":456,"vendor":457,"product":456,"cpe_part":458,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":459},"firefox","mozilla","a",[460,466,468,470,472],{"version":461,"is_range":462,"range_type":463,"version_start":9,"version_start_type":9,"version_end":464,"version_end_type":465,"fixed_in":9},"lte47.0.1",true,"cpe","47.0.1","including",{"version":467,"is_range":117,"range_type":463,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"45.1.0",{"version":469,"is_range":117,"range_type":463,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"45.1.1",{"version":471,"is_range":117,"range_type":463,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"45.2.0",{"version":473,"is_range":117,"range_type":463,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"45.3.0"]