Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/1029?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1029?format=api", "purl": "pkg:mozilla/SeaMonkey@2.12.0", "type": "mozilla", "namespace": "", "name": "SeaMonkey", "version": "2.12.0", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.13.0", "latest_non_vulnerable_version": "2.38.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2349?format=api", "vulnerability_id": "VCID-b3f8-xs54-x3hm", "summary": "Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code. In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1971", "reference_id": "CVE-2012-1971", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1971" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-57", "reference_id": "mfsa2012-57", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-57" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1029?format=api", "purl": "pkg:mozilla/SeaMonkey@2.12.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.12.0" } ], "aliases": [ "CVE-2012-1971" ], "risk_score": null, "exploitability": null, 
"weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b3f8-xs54-x3hm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2356?format=api", "vulnerability_id": "VCID-bacb-nrmv-bkhf", "summary": "Security researcher Frédéric Hoguin reported two related\nissues with the decoding of bitmap (.BMP) format images embedded in icon (.ICO)\nformat files. When processing a negative \"height\" header value for the bitmap\nimage, a memory corruption can be induced, allowing an attacker to write random\nmemory and cause a crash. This crash may be potentially exploitable.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966", "reference_id": "CVE-2012-3966", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-61", "reference_id": "mfsa2012-61", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-61" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1029?format=api", "purl": "pkg:mozilla/SeaMonkey@2.12.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.12.0" } ], "aliases": [ "CVE-2012-3966" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bacb-nrmv-bkhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2238?format=api", "vulnerability_id": "VCID-c3hz-p1eg-cyev", "summary": "Security researcher Mark Poticha reported an issue where\nincorrect SSL certificate information can be displayed on the addressbar,\nshowing the SSL data for a previous site while another has been loaded. 
This is\ncaused by two onLocationChange events being fired out of the expected order,\nleading to the displayed certificate data to not be updated. This can be used\nfor phishing attacks by allowing the user to input form or other data on a\nnewer, attacking, site while the credentials of an older site appear on the\naddressbar.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3976", "reference_id": "CVE-2012-3976", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3976" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-69", "reference_id": "mfsa2012-69", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-69" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1029?format=api", "purl": "pkg:mozilla/SeaMonkey@2.12.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.12.0" } ], "aliases": [ "CVE-2012-3976" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c3hz-p1eg-cyev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2248?format=api", "vulnerability_id": "VCID-fr32-1m9n-c7ed", "summary": "Security researcher vsemozhetbyt reported that when the\nDOMParser is used to parse text/html data in a Firefox extension, linked\nresources within this HTML data will be loaded. 
If the data being parsed in the\nextension is untrusted, it could lead to information leakage and can\npotentially be combined with other attacks to become exploitable.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3975", "reference_id": "CVE-2012-3975", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3975" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-68", "reference_id": "mfsa2012-68", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-68" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1029?format=api", "purl": "pkg:mozilla/SeaMonkey@2.12.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.12.0" } ], "aliases": [ "CVE-2012-3975" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fr32-1m9n-c7ed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2379?format=api", "vulnerability_id": "VCID-g2f7-uxpe-5baw", "summary": "Security researcher Arthur Gerkis used the Address Sanitizer\ntool to find two issues involving Scalable Vector Graphics (SVG) files. The\nfirst issue is a buffer overflow in Gecko's SVG filter code when the sum of two\nvalues is too large to be stored as a signed 32-bit integer, causing the\nfunction to write past the end of an array. The second issue is a use-after-free\nwhen an element with a \"requiredFeatures\" attribute is moved between documents.\nIn that situation, the internal representation of the \"requiredFeatures\" value\ncould be freed prematurely. 
Both issues are potentially exploitable.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969", "reference_id": "CVE-2012-3969", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3969" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-63", "reference_id": "mfsa2012-63", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-63" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1029?format=api", "purl": "pkg:mozilla/SeaMonkey@2.12.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.12.0" } ], "aliases": [ "CVE-2012-3969" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g2f7-uxpe-5baw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2410?format=api", "vulnerability_id": "VCID-mpwt-9awb-mkh4", "summary": "Mozilla security researcher moz_bug_r_a4 reported that\ncertain security checks in the location object can be bypassed if chrome code is\ncalled content in a specific manner. This allowed for the loading of restricted\ncontent. 
 This can be combined with other issues to become potentially\nexploitable.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978", "reference_id": "CVE-2012-3978", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3978" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-70", "reference_id": "mfsa2012-70", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-70" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1029?format=api", "purl": "pkg:mozilla/SeaMonkey@2.12.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.12.0" } ], "aliases": [ "CVE-2012-3978" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mpwt-9awb-mkh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2237?format=api", "vulnerability_id": "VCID-q9j1-5s74-5ugv", "summary": "Security researcher Nicolas Grégoire used the Address\nSanitizer tool to discover an out-of-bounds read in the format-number feature of\nXSLT, which can cause inaccurate formatting of numbers and information leakage.\nThis is not directly exploitable.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972", "reference_id": "CVE-2012-3972", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3972" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-65", "reference_id": "mfsa2012-65", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://www.mozilla.org/en-US/security/advisories/mfsa2012-65" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1029?format=api", "purl": "pkg:mozilla/SeaMonkey@2.12.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.12.0" } ], "aliases": [ "CVE-2012-3972" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q9j1-5s74-5ugv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2241?format=api", "vulnerability_id": "VCID-qys7-5evw-9yh6", "summary": "Security researcher miaubiz used the Address Sanitizer tool\nto discover two WebGL issues. The first issue is a use-after-free when WebGL\nshaders are called after being destroyed. The second issue exposes a problem\nwith Mesa drivers on Linux, leading to a potentially exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968", "reference_id": "CVE-2012-3968", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3968" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-62", "reference_id": "mfsa2012-62", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-62" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1029?format=api", "purl": "pkg:mozilla/SeaMonkey@2.12.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.12.0" } ], "aliases": [ "CVE-2012-3968" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-qys7-5evw-9yh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2258?format=api", "vulnerability_id": "VCID-up5d-dcg6-3fab", "summary": "Security researcher Mariusz Mlynski reported that it is possible to shadow the location object using Object.defineProperty. This could be used to confuse the current location to plugins, allowing for possible cross-site scripting (XSS) attacks.\nUpdate October 9, 2012: This advisory was updated to reflect the fact that bug 756719 was also fixed in ESR 10.0.8.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1956", "reference_id": "CVE-2012-1956", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1956" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-59", "reference_id": "mfsa2012-59", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-59" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1029?format=api", "purl": "pkg:mozilla/SeaMonkey@2.12.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.12.0" } ], "aliases": [ "CVE-2012-1956" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-up5d-dcg6-3fab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2240?format=api", "vulnerability_id": "VCID-uq1p-rt3j-z3cf", "summary": "Using the Address Sanitizer tool, Mozilla security researcher\nChristoph Diehl discovered two memory corruption issues\ninvolving the Graphite 2 library used in Mozilla products. Both of these issues\ncan cause a potentially exploitable crash. 
These problems were fixed in the\nGraphite 2 library, which has been updated for Mozilla products.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3971", "reference_id": "CVE-2012-3971", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3971" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-64", "reference_id": "mfsa2012-64", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-64" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1029?format=api", "purl": "pkg:mozilla/SeaMonkey@2.12.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.12.0" } ], "aliases": [ "CVE-2012-3971" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uq1p-rt3j-z3cf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2332?format=api", "vulnerability_id": "VCID-vdr2-62nz-kqbc", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. 
Many of these issues are potentially exploitable, allowing for remote code execution.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972", "reference_id": "CVE-2012-1972", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1972" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58", "reference_id": "mfsa2012-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-58" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1029?format=api", "purl": "pkg:mozilla/SeaMonkey@2.12.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.12.0" } ], "aliases": [ "CVE-2012-1972" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vdr2-62nz-kqbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2311?format=api", "vulnerability_id": "VCID-wdqn-wjqb-cufp", "summary": "Security researchers Thai Duong and Juliano Rizzo reported that SPDY's request header compression leads to information leakage, which can allow the extraction of private data such as session cookies, even over an encrypted SSL connection.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4930", "reference_id": "CVE-2012-4930", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4930" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-73", "reference_id": "mfsa2012-73", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://www.mozilla.org/en-US/security/advisories/mfsa2012-73" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1029?format=api", "purl": "pkg:mozilla/SeaMonkey@2.12.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.12.0" } ], "aliases": [ "CVE-2012-4930" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wdqn-wjqb-cufp" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.12.0" }