Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1069?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1069?format=api", "purl": "pkg:mozilla/SeaMonkey@2.6.0", "type": "mozilla", "namespace": "", "name": "SeaMonkey", "version": "2.6.0", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.7.0", "latest_non_vulnerable_version": "2.38.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2874?format=api", "vulnerability_id": "VCID-1az2-21v2-5bbg", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that a flaw in the Mozilla SVG\nimplementation could result in an out-of-bounds memory access if\nSVG elements were removed during a DOMAttrModified event handler.\nThis vulnerability does not affect products prior to Firefox 8\nand SeaMonkey 2.5. Thunderbird 8 users would be vulnerable only if\nusing a browser-like feature that allowed scripts to run; users\nare not at risk while reading mail.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3658", "reference_id": "CVE-2011-3658", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3658" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-55", "reference_id": "mfsa2011-55", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-55" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1069?format=api", "purl": "pkg:mozilla/SeaMonkey@2.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.6.0" } ], "aliases": [ "CVE-2011-3658" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1az2-21v2-5bbg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2871?format=api", "vulnerability_id": "VCID-1vg7-wd1h-qkec", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird\nand SeaMonkey products because scripting is disabled, but are potentially a risk\nin browser or browser-like contexts in those products.These vulnerabilities did not affect the older browser engine used\nprior to Firefox 4.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3660", "reference_id": "CVE-2011-3660", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3660" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-53", "reference_id": "mfsa2011-53", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-53" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1069?format=api", "purl": "pkg:mozilla/SeaMonkey@2.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.6.0" } ], "aliases": [ "CVE-2011-3660" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1vg7-wd1h-qkec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2885?format=api", "vulnerability_id": "VCID-e1bs-u53p-5bgg", "summary": "sczimmer reported a crash when scaling an OGG\n<video> element to extreme sizes.\nFirefox 3.6 is not affected by this vulnerability", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3665", "reference_id": "CVE-2011-3665", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3665" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-58", "reference_id": "mfsa2011-58", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-58" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1069?format=api", "purl": "pkg:mozilla/SeaMonkey@2.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.6.0" } ], "aliases": [ "CVE-2011-3665" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e1bs-u53p-5bgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2848?format=api", "vulnerability_id": "VCID-edxu-e7yw-kyey", "summary": "FireBreath developer Richard Bateman reported a crash\non Mac OS X that occurred when a plugin deletes its containing DOM frame\nduring a call from that frame. The observed symptom is a null dereference\nbut we cannot rule out the possibility that content from a scriptable plugin\nsuch as Flash could find a way to dereference a more useful address\nand exploit it.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3664", "reference_id": "CVE-2011-3664", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3664" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-57", "reference_id": "mfsa2011-57", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-57" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1069?format=api", "purl": "pkg:mozilla/SeaMonkey@2.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.6.0" } ], "aliases": [ "CVE-2011-3664" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-edxu-e7yw-kyey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2853?format=api", "vulnerability_id": "VCID-h919-wzxu-wqge", "summary": "Security researcher Aki Helin reported a crash\nin the YARR regular expression library that could be triggered by\njavascript in web content.\nThe YARR library was not used in older versions of\nthe Mozilla browser engine. This vulnerability does not affect\nFirefox 3.6 or Thunderbird 3.1", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3661", "reference_id": "CVE-2011-3661", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3661" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-54", "reference_id": "mfsa2011-54", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-54" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1069?format=api", "purl": "pkg:mozilla/SeaMonkey@2.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.6.0" } ], "aliases": [ "CVE-2011-3661" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h919-wzxu-wqge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2302?format=api", "vulnerability_id": "VCID-nk9z-erd1-bkc9", "summary": "Security researcher regenrecht reported a flaw that affected Firefox versions 4 through 8 via TippingPoint's Zero Day Initiative. This flaw is a use-after-free in nsHTMLSelectElement when the parent node of the element is no longer active and could allow for possible remote code execution.\nFirefox 3.6 is not affected by this vulnerability.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3671", "reference_id": "CVE-2011-3671", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3671" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-41", "reference_id": "mfsa2012-41", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-41" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1069?format=api", "purl": "pkg:mozilla/SeaMonkey@2.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.6.0" } ], "aliases": [ "CVE-2011-3671" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nk9z-erd1-bkc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2847?format=api", "vulnerability_id": "VCID-wp88-wpws-j7gg", "summary": "Security researcher Mario Heiderich reported it was\npossible to use SVG animation accessKey events to detect\nkey strokes even when JavaScript was disabled. Since web pages can normally\ndetect key events through script and most users have scripting enabled this\ndoes not present a risk for most users. In contexts where the user knows\nscripting is disabled (reading mail, for example, or NoScript users) this\ncould allow a malicious web page to fool a user into interacting with\na prompt thinking it came from the browser or mail program.\n\nAccessing remote content is disabled by default When reading mail in\nThunderbird and SeaMonkey. Successfully capturing keystrokes remotely would\nrequire some social engineering to convince the user to turn it on.\n\nSVG animation is not supported in Thunderbird 3.1 or Firefox 3.6.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3663", "reference_id": "CVE-2011-3663", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3663" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-56", "reference_id": "mfsa2011-56", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-56" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1069?format=api", "purl": "pkg:mozilla/SeaMonkey@2.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.6.0" } ], "aliases": [ "CVE-2011-3663" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wp88-wpws-j7gg" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.6.0" }