[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2016-0105":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":72,"duplicates":73,"related":74,"reserved_at":9,"published_at":104,"modified_at":105,"state":9,"summary":106,"references_raw":108,"kevs":197,"epss":9,"epss_history":198,"metrics":199,"affected":200},"MGASA-2016-0105","Updated firefox packages fix security vulnerabilities\n\nUpdated nss and firefox packages fix security vulnerabilities:\n\nSecurity researcher SkyLined reported a use-after-free issue in how audio is\nhandled through the Web Audio API during MediaStream playback through\ninteractions with the Web Audio API. This results in a potentially\nexploitable crash (CVE-2015-4477).\n\nSecurity researcher cgvwzq reported that it is possible to read cross-origin\nURLs following a redirect if performance.getEntries() is used along with an\niframe to host a page. Navigating back in history through script, content is\npulled from the browser cache for the redirected location instead of going\nto the original location. This is a same-origin policy violation and could\nallow for data theft (CVE-2015-7207).\n\nA heap-based buffer overflow flaw was found in the way NSS parsed certain\nASN.1 structures. An attacker could use this flaw to create a specially\ncrafted certificate which, when parsed by NSS, could cause it to crash, or\nexecute arbitrary code, using the permissions of the user running an\napplication compiled against the NSS library (CVE-2016-1950).\n\nMozilla developer Tim Taubert used the Address Sanitizer tool and software\nfuzzing to discover a use-after-free vulnerability while processing DER\nencoded keys in the Network Security Services (NSS) libraries. The\nvulnerability overwrites the freed memory with zeroes (CVE-2016-1979).\n\nSeveral flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1958,\nCVE-2016-1960, CVE-2016-1961, CVE-2016-1962, CVE-2016-1974, CVE-2016-1964,\nCVE-2016-1965, CVE-2016-1966).\n\nMultiple security flaws were found in the graphite2 font library shipped\nwith Firefox. A web page containing malicious content could cause Firefox\nto crash or, potentially, execute arbitrary code with the privileges of the\nuser running Firefox (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791,\nCVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796,\nCVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801,\nCVE-2016-2802).\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70],{"_key":15},"CVE-2015-4477",{"_key":17},"CVE-2015-7207",{"_key":19},"CVE-2016-1950",{"_key":21},"CVE-2016-1952",{"_key":23},"CVE-2016-1954",{"_key":25},"CVE-2016-1957",{"_key":27},"CVE-2016-1958",{"_key":29},"CVE-2016-1960",{"_key":31},"CVE-2016-1961",{"_key":33},"CVE-2016-1962",{"_key":35},"CVE-2016-1964",{"_key":37},"CVE-2016-1965",{"_key":39},"CVE-2016-1966",{"_key":41},"CVE-2016-1974",{"_key":43},"CVE-2016-1977",{"_key":45},"CVE-2016-1979",{"_key":47},"CVE-2016-2790",{"_key":49},"CVE-2016-2791",{"_key":51},"CVE-2016-2792",{"_key":53},"CVE-2016-2793",{"_key":55},"CVE-2016-2794",{"_key":57},"CVE-2016-2795",{"_key":59},"CVE-2016-2796",{"_key":61},"CVE-2016-2797",{"_key":63},"CVE-2016-2798",{"_key":65},"CVE-2016-2799",{"_key":67},"CVE-2016-2800",{"_key":69},"CVE-2016-2801",{"_key":71},"CVE-2016-2802",[],[],[75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":67},{"_key":69},{"_key":71},"2016-03-09T22:57:53Z","2026-04-16T06:25:45.645503204Z",{"cisa_kev":107,"cisa_ransomware":107,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[109,115,120,124,128,132,136,140,144,148,152,156,160,164,168,172,176,180,184,189,193],{"url":110,"sources":111,"tags":113},"https://advisories.mageia.org/MGASA-2016-0105.html",[112],"osv_mageia",[114],"Advisory",{"url":116,"sources":117,"tags":118},"https://bugs.mageia.org/show_bug.cgi?id=17900",[112],[119],"REPORT",{"url":121,"sources":122,"tags":123},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-81/",[112],[119,114],{"url":125,"sources":126,"tags":127},"https://www.mozilla.org/en-US/security/advisories/mfsa2015-136/",[112],[119,114],{"url":129,"sources":130,"tags":131},"https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/",[112],[119,114],{"url":133,"sources":134,"tags":135},"https://www.mozilla.org/en-US/security/advisories/mfsa2016-17/",[112],[119,114],{"url":137,"sources":138,"tags":139},"https://www.mozilla.org/en-US/security/advisories/mfsa2016-20/",[112],[119,114],{"url":141,"sources":142,"tags":143},"https://www.mozilla.org/en-US/security/advisories/mfsa2016-21/",[112],[119,114],{"url":145,"sources":146,"tags":147},"https://www.mozilla.org/en-US/security/advisories/mfsa2016-23/",[112],[119,114],{"url":149,"sources":150,"tags":151},"https://www.mozilla.org/en-US/security/advisories/mfsa2016-24/",[112],[119,114],{"url":153,"sources":154,"tags":155},"https://www.mozilla.org/en-US/security/advisories/mfsa2016-25/",[112],[119,114],{"url":157,"sources":158,"tags":159},"https://www.mozilla.org/en-US/security/advisories/mfsa2016-27/",[112],[119,114],{"url":161,"sources":162,"tags":163},"https://www.mozilla.org/en-US/security/advisories/mfsa2016-28/",[112],[119,114],{"url":165,"sources":166,"tags":167},"https://www.mozilla.org/en-US/security/advisories/mfsa2016-31/",[112],[119,114],{"url":169,"sources":170,"tags":171},"https://www.mozilla.org/en-US/security/advisories/mfsa2016-34/",[112],[119,114],{"url":173,"sources":174,"tags":175},"https://www.mozilla.org/en-US/security/advisories/mfsa2016-35/",[112],[119,114],{"url":177,"sources":178,"tags":179},"https://www.mozilla.org/en-US/security/advisories/mfsa2016-36/",[112],[119,114],{"url":181,"sources":182,"tags":183},"https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/",[112],[119,114],{"url":185,"sources":186,"tags":187},"https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/",[112],[119,188],"WEB",{"url":190,"sources":191,"tags":192},"https://rhn.redhat.com/errata/RHSA-2016-0370.html",[112],[119,188],{"url":194,"sources":195,"tags":196},"https://rhn.redhat.com/errata/RHSA-2016-0373.html",[112],[119,188],[],[],[],[201,213,217,223],{"ecosystem":202,"name":203,"vendor":204,"product":203,"cpe_part":9,"purl_type":205,"purl_namespace":204,"purl_name":203,"source":9,"versions":206},"Mageia","firefox","mageia","rpm",[207],{"version":208,"is_range":209,"range_type":210,"version_start":9,"version_start_type":9,"version_end":211,"version_end_type":212,"fixed_in":9},"lt38_7_0_1_mga5",true,"ecosystem","38.7.0-1.mga5","excluding",{"ecosystem":202,"name":214,"vendor":204,"product":214,"cpe_part":9,"purl_type":205,"purl_namespace":204,"purl_name":214,"source":9,"versions":215},"firefox-l10n",[216],{"version":208,"is_range":209,"range_type":210,"version_start":9,"version_start_type":9,"version_end":211,"version_end_type":212,"fixed_in":9},{"ecosystem":202,"name":218,"vendor":204,"product":218,"cpe_part":9,"purl_type":205,"purl_namespace":204,"purl_name":218,"source":9,"versions":219},"nspr",[220],{"version":221,"is_range":209,"range_type":210,"version_start":9,"version_start_type":9,"version_end":222,"version_end_type":212,"fixed_in":9},"lt4_12_1_mga5","4.12-1.mga5",{"ecosystem":202,"name":224,"vendor":204,"product":224,"cpe_part":9,"purl_type":205,"purl_namespace":204,"purl_name":224,"source":9,"versions":225},"nss",[226],{"version":227,"is_range":209,"range_type":210,"version_start":9,"version_start_type":9,"version_end":228,"version_end_type":212,"fixed_in":9},"lt3_21_1_1_mga5","3.21.1-1.mga5"]