{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T23:03:59.755","vulnerabilities":[{"cve":{"id":"CVE-2016-9903","sourceIdentifier":"security@mozilla.org","published":"2018-06-11T21:29:02.420","lastModified":"2024-11-21T03:01:58.890","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context. This vulnerability affects Firefox < 50.1."},{"lang":"es","value":"El SDK de add-ons de Mozilla tenía un recurso accesible globalmente con una vulnerabilidad de inyección HTML. Si una vulnerabilidad adicional permite que este recurso se cargue como documento, podría permitir la adición de contenido y scripts en el contexto de un add-on. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50.1."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","versionEndExcluding":"50.1","matchCriteriaId":"5D7D13A9-230F-4040-AF9B-EBD07E4ACEEC"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94883","source":"security@mozilla.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037461","source":"security@mozilla.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1315435","source":"security@mozilla.org","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2016-94/","source":"security@mozilla.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94883","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037461","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1315435","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2016-94/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}