Look up vulnerable packages by Package URL.

GET /api/packages/1047?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/1047?format=api",
    "purl": "pkg:mozilla/Thunderbird@13.0.0",
    "type": "mozilla",
    "namespace": "",
    "name": "Thunderbird",
    "version": "13.0.0",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": false,
    "next_non_vulnerable_version": "14.0.0",
    "latest_non_vulnerable_version": "151.0.0",
    "affected_by_vulnerabilities": [],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2394?format=api",
            "vulnerability_id": "VCID-29sb-u37n-audy",
            "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1938",
                    "reference_id": "CVE-2012-1938",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1938"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-34",
                    "reference_id": "mfsa2012-34",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-34"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1047?format=api",
                    "purl": "pkg:mozilla/Thunderbird@13.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@13.0.0"
                }
            ],
            "aliases": [
                "CVE-2012-1938"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-29sb-u37n-audy"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2385?format=api",
            "vulnerability_id": "VCID-2ry7-xkdn-4uak",
            "summary": "Security Researcher Matt McCutchen reported that a\nclickjacking attack using the certificate warning page. A man-in-the-middle\n(MITM) attacker can use an iframe to display its own certificate error warning\npage (about:certerror) with the \"Add Exception\" button of a real warning page\nfrom a malicious site. This can mislead users to adding a certificate exception\nfor a different site than the perceived one. This can lead to compromised\ncommunications with the user perceived site through the MITM attack once the\ncertificate exception has been added.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1964",
                    "reference_id": "CVE-2012-1964",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1964"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-54",
                    "reference_id": "mfsa2012-54",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "none",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-54"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1047?format=api",
                    "purl": "pkg:mozilla/Thunderbird@13.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@13.0.0"
                }
            ],
            "aliases": [
                "CVE-2012-1964"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2ry7-xkdn-4uak"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2069?format=api",
            "vulnerability_id": "VCID-6n2g-r1yx-5yha",
            "summary": "Security researcher Robert Kugler discovered that in some\ninstances the Mozilla Maintenance Service on Windows will be vulnerable to some\npreviously fixed privilege escalation attacks that allowed for local privilege\nescalation. This was caused by the Mozilla Updater not updating Windows Registry\nentries for the Mozilla Maintenance Service, which fixed the earlier issues\npresent if Firefox 12 had been installed. New installations of Firefox after\nversion 12 are not affected by this issue. Local file system access is necessary\nin order for this issue to be exploitable and it cannot be triggered through web\ncontent.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1942",
                    "reference_id": "CVE-2012-1942",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1942"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-35",
                    "reference_id": "mfsa2012-35",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-35"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-45",
                    "reference_id": "mfsa2013-45",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-45"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1047?format=api",
                    "purl": "pkg:mozilla/Thunderbird@13.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@13.0.0"
                }
            ],
            "aliases": [
                "CVE-2012-1942"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6n2g-r1yx-5yha"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2364?format=api",
            "vulnerability_id": "VCID-btpx-49ky-eqbk",
            "summary": "Security researcher Abhishek Arya of Google used the Address\nSanitizer tool to uncover several issues: two heap buffer overflow bugs and a\nuse-after-free problem. The first heap buffer overflow was found in conversion\nfrom unicode to native character sets when the function fails. The\nuse-after-free occurs in nsFrameList when working with column layout with\nabsolute positioning in a container that changes size. The second buffer\noverflow occurs in nsHTMLReflowState when a window is resized on a page with\nnested columns and a combination of absolute and relative positioning. All three\nof these issues are potentially exploitable.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1947",
                    "reference_id": "CVE-2012-1947",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1947"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-40",
                    "reference_id": "mfsa2012-40",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-40"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1047?format=api",
                    "purl": "pkg:mozilla/Thunderbird@13.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@13.0.0"
                }
            ],
            "aliases": [
                "CVE-2012-1947"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-btpx-49ky-eqbk"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2371?format=api",
            "vulnerability_id": "VCID-c4yz-p288-hkgn",
            "summary": "Security researcher Adam Barth found that inline event handlers, such as onclick, were no longer blocked by Content Security\nPolicy's (CSP) inline-script blocking feature. Web applications relying on this feature of CSP to protect against cross-site scripting (XSS) were not fully protected.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1944",
                    "reference_id": "CVE-2012-1944",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1944"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-36",
                    "reference_id": "mfsa2012-36",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-36"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1047?format=api",
                    "purl": "pkg:mozilla/Thunderbird@13.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@13.0.0"
                }
            ],
            "aliases": [
                "CVE-2012-1944"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c4yz-p288-hkgn"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2413?format=api",
            "vulnerability_id": "VCID-hfs6-4xea-hufa",
            "summary": "Security researcher Arthur Gerkis used the Address Sanitizer\ntool to find a use-after-free while replacing/inserting a node in a document.\nThis use-after-free could possibly allow for remote code execution.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1946",
                    "reference_id": "CVE-2012-1946",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1946"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-38",
                    "reference_id": "mfsa2012-38",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-38"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1047?format=api",
                    "purl": "pkg:mozilla/Thunderbird@13.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@13.0.0"
                }
            ],
            "aliases": [
                "CVE-2012-1946"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hfs6-4xea-hufa"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2249?format=api",
            "vulnerability_id": "VCID-mfnv-gyq3-eufj",
            "summary": "Security researcher Paul Stone reported an attack where an\nHTML page hosted on a Windows share and then loaded could then load Windows\nshortcut files (.lnk) in the same share. These shortcut files could then link to\narbitrary locations on the local file system of the individual loading the HTML\npage. That page could show the contents of these linked files or directories\nfrom the local file system in an iframe, causing information disclosure.\nThis issue could potentially affect Linux machines with samba\nshares enabled.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1945",
                    "reference_id": "CVE-2012-1945",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1945"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-37",
                    "reference_id": "mfsa2012-37",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-37"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1047?format=api",
                    "purl": "pkg:mozilla/Thunderbird@13.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@13.0.0"
                }
            ],
            "aliases": [
                "CVE-2012-1945"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mfnv-gyq3-eufj"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2329?format=api",
            "vulnerability_id": "VCID-wh5f-gkuv-q3ep",
            "summary": "Security researcher Kaspar Brand found a flaw in how the\nNetwork Security Services (NSS) ASN.1 decoder handles zero length items. Effects\nof this issue depend on the field. One known symptom is an unexploitable crash\nin handling OCSP responses. NSS also mishandles zero-length basic constraints,\nassuming default values for some types that should be rejected as malformed.\nThese issues have been addressed in NSS 3.13.4, which is now being used by\nMozilla.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0441",
                    "reference_id": "CVE-2012-0441",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0441"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-39",
                    "reference_id": "mfsa2012-39",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "none",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-39"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1047?format=api",
                    "purl": "pkg:mozilla/Thunderbird@13.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@13.0.0"
                }
            ],
            "aliases": [
                "CVE-2012-0441"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wh5f-gkuv-q3ep"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@13.0.0"
}