{"id":"USN-3044-1","summary":"firefox vulnerabilities","details":"Gustavo Grieco discovered an out-of-bounds read during XML parsing in\nsome circumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or obtain sensitive information.\n(CVE-2016-0718)\n\nToni Huttunen discovered that once a favicon is requested from a site,\nthe remote server can keep the network connection open even after the page\nis closed. A remote attacked could potentially exploit this to track\nusers, resulting in information disclosure. (CVE-2016-2830)\n\nChristian Holler, Tyson Smith, Boris Zbarsky, Byron Campen, Julian Seward,\nCarsten Book, Gary Kwong, Jesse Ruderman, Andrew McCreight, and Phil\nRingnalda discovered multiple memory safety issues in Firefox. If a user\nwere tricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code. (CVE-2016-2835, CVE-2016-2836)\n\nA buffer overflow was discovered in the ClearKey Content Decryption\nModule (CDM) during video playback. If a user were tricked in to opening\na specially crafted website, an attacker could potentially exploit this to\ncause a denial of service via plugin process crash, or, in combination\nwith another vulnerability to escape the GMP sandbox, execute arbitrary\ncode. (CVE-2016-2837)\n\nAtte Kettunen discovered a buffer overflow when rendering SVG content in\nsome circumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code.\n(CVE-2016-2838)\n\nBert Massop discovered a crash in Cairo with version 0.10 of FFmpeg. If a\nuser were tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to execute arbitrary code. (CVE-2016-2839)\n\nCatalin Dumitru discovered that URLs of resources loaded after a\nnavigation start could be leaked to the following page via the Resource\nTiming API. An attacker could potentially exploit this to obtain sensitive\ninformation. (CVE-2016-5250)\n\nFiras Salem discovered an issue with non-ASCII and emoji characters in\ndata: URLs. An attacker could potentially exploit this to spoof the\naddressbar contents. (CVE-2016-5251)\n\nGeorg Koppen discovered a stack buffer underflow during 2D graphics\nrendering in some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this to\ncause a denial of service via application crash, or execute arbitrary\ncode. (CVE-2016-5252)\n\nAbhishek Arya discovered a use-after-free when the alt key is used with\ntop-level menus. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code. (CVE-2016-5254)\n\nJukka Jylänki discovered a crash during garbage collection. If a user\nwere tricked in to opening a specially crafted website, an attacker could\npotentially exploit this to execute arbitrary code. (CVE-2016-5255)\n\nLooben Yang discovered a use-after-free in WebRTC. If a user were tricked\nin to opening a specially crafted website, an attacker could potentially\nexploit this to cause a denial of service via application crash, or\nexecute arbitrary code. (CVE-2016-5258)\n\nLooben Yang discovered a use-after-free when working with nested sync\nevents in service workers. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this to\ncause a denial of service via application crash, or execute arbitrary\ncode. (CVE-2016-5259)\n\nMike Kaply discovered that plain-text passwords can be stored in session\nrestore if an input field type is changed from \"password\" to \"text\" during\na session, leading to information disclosure. (CVE-2016-5260)\n\nSamuel Groß discovered an integer overflow in WebSockets during data\nbuffering in some circumstances. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit this to\ncause a denial of service via application crash, or execute arbitrary\ncode. (CVE-2016-5261)\n\nNikita Arykov discovered that JavaScript event handlers on a \u003cmarquee\u003e\nelement can execute in a sandboxed iframe without the allow-scripts flag\nset. If a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to conduct cross-site scripting\n(XSS) attacks. (CVE-2016-5262)\n\nA type confusion bug was discovered in display transformation during\nrendering. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code. (CVE-2016-5263)\n\nA use-after-free was discovered when applying effects to SVG elements in\nsome circumstances. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code.\n(CVE-2016-5264)\n\nAbdulrahman Alqabandi discovered a same-origin policy violation relating\nto local HTML files and saved shortcut files. An attacker could\npotentially exploit this to obtain sensitive information. (CVE-2016-5265)\n\nRafael Gieschke discovered an information disclosure issue related to\ndrag and drop. An attacker could potentially exploit this to obtain\nsensitive information. (CVE-2016-5266)\n\nA text injection issue was discovered with about: URLs. An attacker could\npotentially exploit this to spoof internal error pages. (CVE-2016-5268)\n","modified":"2026-04-24T09:02:33.234299121Z","published":"2016-08-05T12:39:55Z","related":["UBUNTU-CVE-2016-0718","UBUNTU-CVE-2016-2830","UBUNTU-CVE-2016-2835","UBUNTU-CVE-2016-2836","UBUNTU-CVE-2016-2837","UBUNTU-CVE-2016-2838","UBUNTU-CVE-2016-2839","UBUNTU-CVE-2016-5250","UBUNTU-CVE-2016-5251","UBUNTU-CVE-2016-5252","UBUNTU-CVE-2016-5254","UBUNTU-CVE-2016-5255","UBUNTU-CVE-2016-5258","UBUNTU-CVE-2016-5259","UBUNTU-CVE-2016-5260","UBUNTU-CVE-2016-5261","UBUNTU-CVE-2016-5262","UBUNTU-CVE-2016-5263","UBUNTU-CVE-2016-5264","UBUNTU-CVE-2016-5265","UBUNTU-CVE-2016-5266","UBUNTU-CVE-2016-5268"],"upstream":["CVE-2016-2830","CVE-2016-2835","CVE-2016-2836","CVE-2016-2837","CVE-2016-2838","CVE-2016-2839","CVE-2016-5250","CVE-2016-5251","CVE-2016-5252","CVE-2016-5254","CVE-2016-5255","CVE-2016-5258","CVE-2016-5259","CVE-2016-5260","CVE-2016-5261","CVE-2016-5262","CVE-2016-5263","CVE-2016-5264","CVE-2016-5265","CVE-2016-5266","CVE-2016-5268","UBUNTU-CVE-2016-2830","UBUNTU-CVE-2016-2835","UBUNTU-CVE-2016-2836","UBUNTU-CVE-2016-2837","UBUNTU-CVE-2016-2838","UBUNTU-CVE-2016-2839","UBUNTU-CVE-2016-5250","UBUNTU-CVE-2016-5251","UBUNTU-CVE-2016-5252","UBUNTU-CVE-2016-5254","UBUNTU-CVE-2016-5255","UBUNTU-CVE-2016-5258","UBUNTU-CVE-2016-5259","UBUNTU-CVE-2016-5260","UBUNTU-CVE-2016-5261","UBUNTU-CVE-2016-5262","UBUNTU-CVE-2016-5263","UBUNTU-CVE-2016-5264","UBUNTU-CVE-2016-5265","UBUNTU-CVE-2016-5266","UBUNTU-CVE-2016-5268"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3044-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-2830"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-2835"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-2836"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-2837"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-2838"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-2839"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5250"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5251"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5252"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5254"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5255"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5258"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5259"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5260"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5261"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5262"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5263"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5264"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5265"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5266"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-5268"}],"affected":[{"package":{"name":"firefox","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/firefox@48.0+build2-0ubuntu0.14.04.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"48.0+build2-0ubuntu0.14.04.1"}]}],"versions":["24.0+build1-0ubuntu1","25.0+build3-0ubuntu0.13.10.1","28.0~b2+build1-0ubuntu2","28.0+build1-0ubuntu1","28.0+build2-0ubuntu1","28.0+build2-0ubuntu2","29.0+build1-0ubuntu0.14.04.2","30.0+build1-0ubuntu0.14.04.3","31.0+build1-0ubuntu0.14.04.1","32.0+build1-0ubuntu0.14.04.1","32.0.3+build1-0ubuntu0.14.04.1","33.0+build2-0ubuntu0.14.04.1","34.0+build2-0ubuntu0.14.04.1","35.0+build3-0ubuntu0.14.04.2","35.0.1+build1-0ubuntu0.14.04.1","36.0+build2-0ubuntu0.14.04.4","36.0.1+build2-0ubuntu0.14.04.1","36.0.4+build1-0ubuntu0.14.04.1","37.0+build2-0ubuntu0.14.04.1","37.0.1+build1-0ubuntu0.14.04.1","37.0.2+build1-0ubuntu0.14.04.1","38.0+build3-0ubuntu0.14.04.1","39.0+build5-0ubuntu0.14.04.1","39.0.3+build2-0ubuntu0.14.04.1","40.0+build4-0ubuntu0.14.04.1","40.0+build4-0ubuntu0.14.04.4","40.0.3+build1-0ubuntu0.14.04.1","41.0+build3-0ubuntu0.14.04.1","41.0.1+build2-0ubuntu0.14.04.1","41.0.2+build2-0ubuntu0.14.04.1","42.0+build2-0ubuntu0.14.04.1","43.0+build1-0ubuntu0.14.04.1","43.0.4+build3-0ubuntu0.14.04.1","44.0+build3-0ubuntu0.14.04.1","44.0.1+build2-0ubuntu0.14.04.1","44.0.2+build1-0ubuntu0.14.04.1","45.0+build2-0ubuntu0.14.04.1","45.0.1+build1-0ubuntu0.14.04.2","45.0.2+build1-0ubuntu0.14.04.1","46.0+build5-0ubuntu0.14.04.2","46.0.1+build1-0ubuntu0.14.04.3","47.0+build3-0ubuntu0.14.04.1"],"ecosystem_specific":{"binaries":[{"binary_name":"firefox","binary_version":"48.0+build2-0ubuntu0.14.04.1"},{"binary_name":"firefox-globalmenu","binary_version":"48.0+build2-0ubuntu0.14.04.1"},{"binary_name":"firefox-mozsymbols","binary_version":"48.0+build2-0ubuntu0.14.04.1"},{"binary_name":"firefox-testsuite","binary_version":"48.0+build2-0ubuntu0.14.04.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3044-1.json","cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-2830"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-2835"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-2836"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-2837"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-2838"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-2839"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5250"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5251"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5252"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5254"},{"id":"CVE-2016-5255","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5258"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5259"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5260"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5261"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5262"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5263"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5264"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5265"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5266"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5268"}],"ecosystem":"Ubuntu:14.04:LTS"}}},{"package":{"name":"firefox","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/firefox@48.0+build2-0ubuntu0.16.04.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"48.0+build2-0ubuntu0.16.04.1"}]}],"versions":["41.0.2+build2-0ubuntu1","42.0+build2-0ubuntu1","44.0+build3-0ubuntu2","44.0.1+build1-0ubuntu1","44.0.2+build1-0ubuntu1","45.0+build2-0ubuntu1","45.0.1+build1-0ubuntu1","45.0.2+build1-0ubuntu1","46.0+build5-0ubuntu0.16.04.2","46.0.1+build1-0ubuntu0.16.04.2","47.0+build3-0ubuntu0.16.04.1"],"ecosystem_specific":{"binaries":[{"binary_name":"firefox","binary_version":"48.0+build2-0ubuntu0.16.04.1"},{"binary_name":"firefox-globalmenu","binary_version":"48.0+build2-0ubuntu0.16.04.1"},{"binary_name":"firefox-mozsymbols","binary_version":"48.0+build2-0ubuntu0.16.04.1"},{"binary_name":"firefox-testsuite","binary_version":"48.0+build2-0ubuntu0.16.04.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3044-1.json","cves_map":{"cves":[{"id":"CVE-2016-2830","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-2835"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-2836"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-2837"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-2838"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-2839"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5250"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5251"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5252"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5254"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5255"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5258"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5259"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5260"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5261"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5262"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5263"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5264"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5265"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5266"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-5268"}],"ecosystem":"Ubuntu:16.04:LTS"}}}],"schema_version":"1.7.5"}