Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1053?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1053?format=api", "purl": "pkg:mozilla/SeaMonkey@2.14.0", "type": "mozilla", "namespace": "", "name": "SeaMonkey", "version": "2.14.0", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.15.0", "latest_non_vulnerable_version": "2.38.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2292?format=api", "vulnerability_id": "VCID-15hg-smda-afby", "summary": "Mozilla developer Bobby Holley reported that security wrappers filter at the time of property access, but once a function is returned, the caller can use this function without further security checks. This affects cross-origin wrappers, allowing for write actions on objects when only read actions should be properly allowed. This can lead to cross-site scripting (XSS) attacks.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5841", "reference_id": "CVE-2012-5841", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5841" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-100", "reference_id": "mfsa2012-100", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-100" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1053?format=api", "purl": "pkg:mozilla/SeaMonkey@2.14.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.14.0" } ], "aliases": [ "CVE-2012-5841" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-15hg-smda-afby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2313?format=api", "vulnerability_id": "VCID-4upn-tv36-wbb6", "summary": "Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting five additional use-after-free, out of bounds read, and buffer overflow flaws introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4214", "reference_id": "CVE-2012-4214", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4214" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105", "reference_id": "mfsa2012-105", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-105" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1053?format=api", "purl": "pkg:mozilla/SeaMonkey@2.14.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.14.0" } ], "aliases": [ "CVE-2012-4214" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4upn-tv36-wbb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2250?format=api", "vulnerability_id": "VCID-7tk5-9u1x-nkbj", "summary": "Security researcher Mariusz Mlynski reported that the location property can be accessed by binary plugins through top.location with a frame whose name attribute's value is set to \"top\". This can allow for possible cross-site scripting (XSS) attacks through plugins. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4209", "reference_id": "CVE-2012-4209", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4209" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-103", "reference_id": "mfsa2012-103", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-103" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1053?format=api", "purl": "pkg:mozilla/SeaMonkey@2.14.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.14.0" } ], "aliases": [ "CVE-2012-4209" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7tk5-9u1x-nkbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2378?format=api", "vulnerability_id": "VCID-9kga-83c7-q3g5", "summary": "Security researcher Masato Kinugawa found when HZ-GB-2312 charset encoding is used for text, the \"~\" character will destroy another character near the chunk delimiter. This can lead to a cross-site scripting (XSS) attack in pages encoded in HZ-GB-2312.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4207", "reference_id": "CVE-2012-4207", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4207" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-101", "reference_id": "mfsa2012-101", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-101" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1053?format=api", "purl": "pkg:mozilla/SeaMonkey@2.14.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.14.0" } ], "aliases": [ "CVE-2012-4207" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9kga-83c7-q3g5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2406?format=api", "vulnerability_id": "VCID-9q39-smj2-gyee", "summary": "Security researcher Jonathan Stephens discovered that combining SVG text on a path with the setting of CSS properties could lead to a potentially exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5836", "reference_id": "CVE-2012-5836", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5836" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-94", "reference_id": "mfsa2012-94", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-94" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1053?format=api", "purl": "pkg:mozilla/SeaMonkey@2.14.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.14.0" } ], "aliases": [ "CVE-2012-5836" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9q39-smj2-gyee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2362?format=api", "vulnerability_id": "VCID-af68-fxsm-1kbn", "summary": "Security researcher Atte Kettunen from OUSPG used the Address Sanitizer tool to discover a buffer overflow while rendering GIF format images. This issue is potentially exploitable and could lead to arbitrary code execution.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4202", "reference_id": "CVE-2012-4202", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4202" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-92", "reference_id": "mfsa2012-92", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-92" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1053?format=api", "purl": "pkg:mozilla/SeaMonkey@2.14.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.14.0" } ], "aliases": [ "CVE-2012-4202" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-af68-fxsm-1kbn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2309?format=api", "vulnerability_id": "VCID-cyde-wgmd-f3d9", "summary": "Security researcher Scott Bell of Security-Assessment.com used the Address Sanitizer tool to discover a memory corruption in str_unescape in the Javascript engine. This could potentially lead to arbitrary code execution.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4204", "reference_id": "CVE-2012-4204", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4204" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-96", "reference_id": "mfsa2012-96", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1053?format=api", "purl": "pkg:mozilla/SeaMonkey@2.14.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.14.0" } ], "aliases": [ "CVE-2012-4204" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cyde-wgmd-f3d9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2304?format=api", "vulnerability_id": "VCID-ed83-3zy8-yffx", "summary": "Security researcher miaubiz used the Address Sanitizer tool\nto discover a series critically rated of use-after-free, buffer overflow, and memory corruption issues in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank miaubiz for reporting two additional use-after-free and memory corruption issues introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5830", "reference_id": "CVE-2012-5830", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5830" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-106", "reference_id": "mfsa2012-106", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-106" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1053?format=api", "purl": "pkg:mozilla/SeaMonkey@2.14.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.14.0" } ], "aliases": [ "CVE-2012-5830" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ed83-3zy8-yffx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2260?format=api", "vulnerability_id": "VCID-kxv9-1d1t-rueg", "summary": "Mozilla developer Peter Van der Beken discovered that same-origin XrayWrappers expose chrome-only properties even when not in a chrome compartment. This can allow web content to get properties of DOM objects that are intended to be chrome-only.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4208", "reference_id": "CVE-2012-4208", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4208" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-99", "reference_id": "mfsa2012-99", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-99" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1053?format=api", "purl": "pkg:mozilla/SeaMonkey@2.14.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.14.0" } ], "aliases": [ "CVE-2012-4208" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kxv9-1d1t-rueg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2377?format=api", "vulnerability_id": "VCID-q89u-vxqk-mbhv", "summary": "Mozilla security researcher moz_bug_r_a4 reported that if code executed by the evalInSandbox function sets location.href, it can get the wrong subject principal for the URL check, ignoring the sandbox's Javascript context and gaining the context of evalInSandbox object. This can lead to malicious web content being able to perform a cross-site scripting (XSS) attack or stealing a copy of a local file if the user has installed an add-on vulnerable to this attack.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4201", "reference_id": "CVE-2012-4201", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4201" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-93", "reference_id": "mfsa2012-93", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-93" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1053?format=api", "purl": "pkg:mozilla/SeaMonkey@2.14.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.14.0" } ], "aliases": [ "CVE-2012-4201" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q89u-vxqk-mbhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2285?format=api", "vulnerability_id": "VCID-r6d4-xcvs-dfdn", "summary": "Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5843", "reference_id": "CVE-2012-5843", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5843" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-91", "reference_id": "mfsa2012-91", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-91" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1053?format=api", "purl": "pkg:mozilla/SeaMonkey@2.14.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.14.0" } ], "aliases": [ "CVE-2012-5843" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r6d4-xcvs-dfdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2300?format=api", "vulnerability_id": "VCID-ur8y-8uah-dkhf", "summary": "Mozilla developer Gabor Krizsanits discovered that XMLHttpRequest objects created within sandboxes have the system principal instead of the sandbox principal. This can lead to cross-site request forgery (CSRF) or information theft via an add-on running untrusted code in a sandbox.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4205", "reference_id": "CVE-2012-4205", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4205" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-97", "reference_id": "mfsa2012-97", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-97" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1053?format=api", "purl": "pkg:mozilla/SeaMonkey@2.14.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.14.0" } ], "aliases": [ "CVE-2012-4205" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ur8y-8uah-dkhf" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.14.0" }