Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1024?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1024?format=api", "purl": "pkg:mozilla/SeaMonkey@2.11.0", "type": "mozilla", "namespace": "", "name": "SeaMonkey", "version": "2.11.0", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.12.0", "latest_non_vulnerable_version": "2.38.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2328?format=api", "vulnerability_id": "VCID-1v9j-kd28-5ufe", "summary": "Google developer Tony Payne reported an out of bounds (OOB)\nread in QCMS, Mozilla’s color management library. With a carefully crafted color profile portions of a user's memory could be incorporated into a transformed image and possibly deciphered.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1960", "reference_id": "CVE-2012-1960", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1960" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-50", "reference_id": "mfsa2012-50", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-50" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1024?format=api", "purl": "pkg:mozilla/SeaMonkey@2.11.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.11.0" } ], "aliases": [ "CVE-2012-1960" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1v9j-kd28-5ufe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2327?format=api", "vulnerability_id": "VCID-23uc-h52u-b7ft", "summary": "Security researcher Mariusz Mlynski reported an issue with\nspoofing of the location property. In this issue, calls to history.forward and\nhistory.back are used to navigate to a site while displaying the previous site\nin the addressbar but changing the baseURI to the newer site. This can be used\nfor phishing by allowing the user to input form or other data on the newer,\nattacking, site while appearing to be on the older, displayed site.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1955", "reference_id": "CVE-2012-1955", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1955" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-45", "reference_id": "mfsa2012-45", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-45" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1024?format=api", "purl": "pkg:mozilla/SeaMonkey@2.11.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.11.0" } ], "aliases": [ "CVE-2012-1955" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-23uc-h52u-b7ft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2357?format=api", "vulnerability_id": "VCID-4wx4-61y3-j3dr", "summary": "Security researcher Bill Keese reported a memory corruption.\nThis is caused by JSDependentString::undepend changing a dependent string into a\nfixed string when there are additional dependent strings relying on the same\nbase. When the undepend occurs during conversion, the base data is freed,\nleaving other dependent strings with dangling pointers. This can lead to a\npotentially exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1962", "reference_id": "CVE-2012-1962", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1962" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-52", "reference_id": "mfsa2012-52", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-52" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1024?format=api", "purl": "pkg:mozilla/SeaMonkey@2.11.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.11.0" } ], "aliases": [ "CVE-2012-1962" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4wx4-61y3-j3dr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2245?format=api", "vulnerability_id": "VCID-8xap-v6vg-vyaq", "summary": "Bugzilla developer Frédéric Buclin reported that the\n\"X-Frame-Options header is ignored when the value is duplicated,\nfor example X-Frame-Options: SAMEORIGIN, SAMEORIGIN. This\nduplication occurs for unknown reasons on some websites and when it occurs\nresults in Mozilla browsers not being protected against possible clickjacking\nattacks on those pages", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1961", "reference_id": "CVE-2012-1961", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1961" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-51", "reference_id": "mfsa2012-51", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-51" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1024?format=api", "purl": "pkg:mozilla/SeaMonkey@2.11.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.11.0" } ], "aliases": [ "CVE-2012-1961" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8xap-v6vg-vyaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2236?format=api", "vulnerability_id": "VCID-a6qz-skp8-23d9", "summary": "Mozilla security researcher moz_bug_r_a4 reported a\narbitrary code execution attack using a javascript: URL. The Gecko\nengine features a JavaScript sandbox utility that allows the browser or add-ons\nto safely execute script in the context of a web page. In certain cases,\njavascript: URLs are executed in such a sandbox with insufficient\ncontext that can allow those scripts to escape from the sandbox and run with\nelevated privilege. This can lead to arbitrary code execution.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1967", "reference_id": "CVE-2012-1967", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1967" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-56", "reference_id": "mfsa2012-56", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-56" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1024?format=api", "purl": "pkg:mozilla/SeaMonkey@2.11.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.11.0" } ], "aliases": [ "CVE-2012-1967" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a6qz-skp8-23d9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2324?format=api", "vulnerability_id": "VCID-bsex-hp53-7kd7", "summary": "Mozilla developer Bobby Holley found that same-compartment\nsecurity wrappers (SCSW) can be bypassed by passing them to another compartment.\nCross-compartment wrappers often do not go through SCSW, but have a filtering\npolicy built into them. When an object is wrapped cross-compartment, the SCSW is\nstripped off and, when the object is read read back, it is not known that SCSW\nwas previously present, resulting in a bypassing of SCSW. This could result in\nuntrusted content having access to the XBL that implements browser\nfunctionality.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1959", "reference_id": "CVE-2012-1959", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1959" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-49", "reference_id": "mfsa2012-49", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-49" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1024?format=api", "purl": "pkg:mozilla/SeaMonkey@2.11.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.11.0" } ], "aliases": [ "CVE-2012-1959" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bsex-hp53-7kd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2291?format=api", "vulnerability_id": "VCID-gadh-19ks-vuem", "summary": "Security researcher Arthur Gerkis used the Address Sanitizer\ntool to find a use-after-free in nsGlobalWindow::PageHidden when mFocusedContent\nis released and oldFocusedContent is used afterwards. This use-after-free could\npossibly allow for remote code execution.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1958", "reference_id": "CVE-2012-1958", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1958" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-48", "reference_id": "mfsa2012-48", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-48" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1024?format=api", "purl": "pkg:mozilla/SeaMonkey@2.11.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.11.0" } ], "aliases": [ "CVE-2012-1958" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gadh-19ks-vuem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2368?format=api", "vulnerability_id": "VCID-nvpe-v8jh-fqdk", "summary": "Security researcher Mario Heiderich reported that javascript\ncould be executed in the HTML feed-view using <embed> tag\nwithin the RSS <description>. This problem is due to\n<embed> tags not being filtered out during parsing and can\nlead to a potential cross-site scripting (XSS) attack. The flaw existed in a\nparser utility class and could affect other parts of the browser or add-ons\nwhich rely on that class to sanitize untrusted input.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1957", "reference_id": "CVE-2012-1957", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1957" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-47", "reference_id": "mfsa2012-47", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-47" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1024?format=api", "purl": "pkg:mozilla/SeaMonkey@2.11.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.11.0" } ], "aliases": [ "CVE-2012-1957" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nvpe-v8jh-fqdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2386?format=api", "vulnerability_id": "VCID-r5p4-r6th-1fft", "summary": "Security researcher Karthikeyan Bhargavan of Prosecco at\nINRIA reported Content Security Policy (CSP) 1.0 implementation errors. CSP\nviolation reports generated by Firefox and sent to the \"report-uri\" location\ninclude sensitive data within the \"blocked-uri\" parameter. These include\nfragment components and query strings even if the \"blocked-uri\" parameter has a\ndifferent origin than the protected resource. This can be used to retrieve a\nuser's OAuth 2.0 access tokens and OpenID credentials by malicious sites.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1963", "reference_id": "CVE-2012-1963", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1963" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-53", "reference_id": "mfsa2012-53", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-53" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1024?format=api", "purl": "pkg:mozilla/SeaMonkey@2.11.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.11.0" } ], "aliases": [ "CVE-2012-1963" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r5p4-r6th-1fft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2407?format=api", "vulnerability_id": "VCID-vfss-5cfk-dqc3", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1949", "reference_id": "CVE-2012-1949", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1949" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-42", "reference_id": "mfsa2012-42", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-42" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1024?format=api", "purl": "pkg:mozilla/SeaMonkey@2.11.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.11.0" } ], "aliases": [ "CVE-2012-1949" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vfss-5cfk-dqc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2295?format=api", "vulnerability_id": "VCID-xk4x-pd18-akag", "summary": "Google security researcher Abhishek Arya used the Address\nSanitizer tool to uncover four issues: two use-after-free problems, one out of\nbounds read bug, and a bad cast. The first use-after-free problem is caused\nwhen an array of nsSMILTimeValueSpec objects is destroyed but attempts are made\nto call into objects in this array later. The second use-after-free problem is\nin nsDocument::AdoptNode when it adopts into an empty document and then adopts\ninto another document, emptying the first one. The heap buffer overflow is in\nElementAnimations when data is read off of end of an array and then pointers are\ndereferenced. The bad cast happens when nsTableFrame::InsertFrames is called\nwith frames in aFrameList that are a mix of row group frames and column group\nframes. AppendFrames is not able to handle this mix.All four of these issues are potentially exploitable.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1951", "reference_id": "CVE-2012-1951", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1951" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-44", "reference_id": "mfsa2012-44", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-44" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1024?format=api", "purl": "pkg:mozilla/SeaMonkey@2.11.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.11.0" } ], "aliases": [ "CVE-2012-1951" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xk4x-pd18-akag" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.11.0" }