Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/1028?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1028?format=api", "purl": "pkg:mozilla/Thunderbird%20ESR@10.0.7", "type": "mozilla", "namespace": "", "name": "Thunderbird ESR", "version": "10.0.7", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "10.0.8", "latest_non_vulnerable_version": "17.0.11", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2349?format=api", "vulnerability_id": "VCID-b3f8-xs54-x3hm", "summary": "Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code. In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1971", "reference_id": "CVE-2012-1971", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1971" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-57", "reference_id": "mfsa2012-57", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-57" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1028?format=api", "purl": "pkg:mozilla/Thunderbird%20ESR@10.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird%2520ESR@10.0.7" } ], "aliases": [ "CVE-2012-1971" ], "risk_score": 
null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b3f8-xs54-x3hm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2356?format=api", "vulnerability_id": "VCID-bacb-nrmv-bkhf", "summary": "Security researcher Frédéric Hoguin reported two related\nissues with the decoding of bitmap (.BMP) format images embedded in icon (.ICO)\nformat files. When processing a negative \"height\" header value for the bitmap\nimage, a memory corruption can be induced, allowing an attacker to write random\nmemory and cause a crash. This crash may be potentially exploitable.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966", "reference_id": "CVE-2012-3966", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-61", "reference_id": "mfsa2012-61", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-61" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1028?format=api", "purl": "pkg:mozilla/Thunderbird%20ESR@10.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird%2520ESR@10.0.7" } ], "aliases": [ "CVE-2012-3966" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bacb-nrmv-bkhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2379?format=api", "vulnerability_id": "VCID-g2f7-uxpe-5baw", "summary": "Security researcher Arthur Gerkis used the Address Sanitizer\ntool to find two issues involving Scalable Vector Graphics (SVG) files. 
The\nfirst issue is a buffer overflow in Gecko's SVG filter code when the sum of two\nvalues is too large to be stored as a signed 32-bit integer, causing the\nfunction to write past the end of an array. The second issue is a use-after-free\nwhen an element with a \"requiredFeatures\" attribute is moved between documents.\nIn that situation, the internal representation of the \"requiredFeatures\" value\ncould be freed prematurely. Both issues are potentially exploitable.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969", "reference_id": "CVE-2012-3969", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-63", "reference_id": "mfsa2012-63", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-63" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1028?format=api", "purl": "pkg:mozilla/Thunderbird%20ESR@10.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird%2520ESR@10.0.7" } ], "aliases": [ "CVE-2012-3969" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g2f7-uxpe-5baw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2411?format=api", "vulnerability_id": "VCID-hsyn-kqfm-7yfm", "summary": "Security researcher Colby Russell discovered that eval in\nthe web console can execute injected code with chrome privileges, leading to the\nrunning of malicious code in a privileged context. 
This allows for arbitrary\ncode execution through a malicious web page if the web console is invoked by the\nuser.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3980", "reference_id": "CVE-2012-3980", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3980" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-72", "reference_id": "mfsa2012-72", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-72" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1028?format=api", "purl": "pkg:mozilla/Thunderbird%20ESR@10.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird%2520ESR@10.0.7" } ], "aliases": [ "CVE-2012-3980" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hsyn-kqfm-7yfm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2410?format=api", "vulnerability_id": "VCID-mpwt-9awb-mkh4", "summary": "Mozilla security researcher moz_bug_r_a4 reported that\ncertain security checks in the location object can be bypassed if chrome code is\ncalled content in a specific manner. This allowed for the loading of restricted\ncontent. 
This can be combined with other issues to become potentially\nexploitable.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978", "reference_id": "CVE-2012-3978", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-70", "reference_id": "mfsa2012-70", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-70" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1028?format=api", "purl": "pkg:mozilla/Thunderbird%20ESR@10.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird%2520ESR@10.0.7" } ], "aliases": [ "CVE-2012-3978" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mpwt-9awb-mkh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2237?format=api", "vulnerability_id": "VCID-q9j1-5s74-5ugv", "summary": "Security researcher Nicolas Grégoire used the Address\nSanitizer tool to discover an out-of-bounds read in the format-number feature of\nXSLT, which can cause inaccurate formatting of numbers and information leakage.\nThis is not directly exploitable.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972", "reference_id": "CVE-2012-3972", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-65", "reference_id": "mfsa2012-65", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://www.mozilla.org/en-US/security/advisories/mfsa2012-65" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1028?format=api", "purl": "pkg:mozilla/Thunderbird%20ESR@10.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird%2520ESR@10.0.7" } ], "aliases": [ "CVE-2012-3972" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q9j1-5s74-5ugv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2241?format=api", "vulnerability_id": "VCID-qys7-5evw-9yh6", "summary": "Security researcher miaubiz used the Address Sanitizer tool\nto discover two WebGL issues. The first issue is a use-after-free when WebGL\nshaders are called after being destroyed. The second issue exposes a problem\nwith Mesa drivers on Linux, leading to a potentially exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968", "reference_id": "CVE-2012-3968", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-62", "reference_id": "mfsa2012-62", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-62" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1028?format=api", "purl": "pkg:mozilla/Thunderbird%20ESR@10.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird%2520ESR@10.0.7" } ], "aliases": [ "CVE-2012-3968" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-qys7-5evw-9yh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2332?format=api", "vulnerability_id": "VCID-vdr2-62nz-kqbc", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972", "reference_id": "CVE-2012-1972", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1028?format=api", "purl": "pkg:mozilla/Thunderbird%20ESR@10.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird%2520ESR@10.0.7" } ], "aliases": [ "CVE-2012-1972" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vdr2-62nz-kqbc" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird%2520ESR@10.0.7" }