Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1019?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1019?format=api", "purl": "pkg:mozilla/SeaMonkey@2.7.0", "type": "mozilla", "namespace": "", "name": "SeaMonkey", "version": "2.7.0", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.7.1", "latest_non_vulnerable_version": "2.38.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2299?format=api", "vulnerability_id": "VCID-5cyv-1m27-zfd6", "summary": "magicant starmen reported that if a user chooses to\nexport their Firefox Sync key the \"Firefox Recovery Key.html\" file is\nsaved with incorrect permissions, making the file contents potentially\nreadable by other users on Linux and OS X systems.\nFirefox 3.6 is not affected by this vulnerability.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0450", "reference_id": "CVE-2012-0450", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0450" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-09", "reference_id": "mfsa2012-09", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1019?format=api", "purl": "pkg:mozilla/SeaMonkey@2.7.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.7.0" } ], "aliases": [ "CVE-2012-0450" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5cyv-1m27-zfd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2294?format=api", "vulnerability_id": "VCID-d18w-azwz-nuhn", "summary": "Vitaly Nevgen reported that an attacker could replace a\nsub-frame in another domain's document by using the name attribute of the\nsub-frame as a form submission target. This can potentially allow for phishing\nattacks against users and violates the HTML5 frame navigation policy.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0445", "reference_id": "CVE-2012-0445", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0445" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-03", "reference_id": "mfsa2012-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1019?format=api", "purl": "pkg:mozilla/SeaMonkey@2.7.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.7.0" } ], "aliases": [ "CVE-2012-0445" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d18w-azwz-nuhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2234?format=api", "vulnerability_id": "VCID-g4c9-yy3u-aqaw", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0443", "reference_id": "CVE-2012-0443", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0443" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-01", "reference_id": "mfsa2012-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1019?format=api", "purl": "pkg:mozilla/SeaMonkey@2.7.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.7.0" } ], "aliases": [ "CVE-2012-0443" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g4c9-yy3u-aqaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2383?format=api", "vulnerability_id": "VCID-jq9x-1rxz-1qb2", "summary": "Mozilla developer Tim Abraldes reported that when encoding\nimages as image/vnd.microsoft.icon the resulting data was always a\nfixed size, with uninitialized memory appended as padding beyond the size of the\nactual image. This is the result of mImageBufferSize in the encoder being\ninitialized with a value different than the size of the source image. There is\nthe possibility of sensitive data from uninitialized memory being appended to a\nPNG image when converted from an ICO format image. This sensitive data may then\nbe disclosed in the resulting image.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0447", "reference_id": "CVE-2012-0447", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0447" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-06", "reference_id": "mfsa2012-06", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-06" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1019?format=api", "purl": "pkg:mozilla/SeaMonkey@2.7.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.7.0" } ], "aliases": [ "CVE-2012-0447" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jq9x-1rxz-1qb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2259?format=api", "vulnerability_id": "VCID-n4a2-kntd-sug6", "summary": "Mozilla security researcher moz_bug_r_a4 reported that frame\nscripts bypass XPConnect security checks when calling untrusted objects. This\nallows for cross-site scripting (XSS) attacks through web pages and Firefox\nextensions. The fix enables the Script Security Manager (SSM) to force security\nchecks on all frame scripts.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0446", "reference_id": "CVE-2012-0446", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0446" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-05", "reference_id": "mfsa2012-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-05" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1019?format=api", "purl": "pkg:mozilla/SeaMonkey@2.7.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.7.0" } ], "aliases": [ "CVE-2012-0446" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n4a2-kntd-sug6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2326?format=api", "vulnerability_id": "VCID-nbbh-ws5y-3uh4", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative the possibility of memory corruption during\nthe decoding of Ogg Vorbis files. This can cause a crash during decoding and has\nthe potential for remote code execution.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444", "reference_id": "CVE-2012-0444", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-07", "reference_id": "mfsa2012-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-07" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1019?format=api", "purl": "pkg:mozilla/SeaMonkey@2.7.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.7.0" } ], "aliases": [ "CVE-2012-0444" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nbbh-ws5y-3uh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2239?format=api", "vulnerability_id": "VCID-rdhz-96c5-mka3", "summary": "Security researchers Nicolas Grégoire and Aki\nHelin independently reported that when processing a malformed\nembedded XSLT stylesheet, Firefox can crash due to a memory corruption.\nWhile there is no evidence that this is directly exploitable, there is\na possibility of remote code execution.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0449", "reference_id": "CVE-2012-0449", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0449" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-08", "reference_id": "mfsa2012-08", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-08" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1019?format=api", "purl": "pkg:mozilla/SeaMonkey@2.7.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.7.0" } ], "aliases": [ "CVE-2012-0449" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rdhz-96c5-mka3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2409?format=api", "vulnerability_id": "VCID-scmh-n3kp-yqas", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that removed child nodes of nsDOMAttribute\ncan be accessed under certain circumstances because of a premature notification\nof AttributeChildRemoved. This use-after-free of the child nodes could possibly\nallow for remote code execution.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3659", "reference_id": "CVE-2011-3659", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3659" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-04", "reference_id": "mfsa2012-04", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1019?format=api", "purl": "pkg:mozilla/SeaMonkey@2.7.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.7.0" } ], "aliases": [ "CVE-2011-3659" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-scmh-n3kp-yqas" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.7.0" }