Look up vulnerable packages by Package URL.

GET /api/packages/1098?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/1098?format=api",
    "purl": "pkg:mozilla/SeaMonkey@1.0.5",
    "type": "mozilla",
    "namespace": "",
    "name": "SeaMonkey",
    "version": "1.0.5",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": false,
    "next_non_vulnerable_version": "1.0.6",
    "latest_non_vulnerable_version": "2.38.0",
    "affected_by_vulnerabilities": [],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2584?format=api",
            "vulnerability_id": "VCID-1dp1-keqm-9bcy",
            "summary": "As part of the Firefox 1.5.0.7 release we fixed several bugs to\nimprove the stability of the product. Some of these were crashes\nthat showed evidence of memory corruption and we presume that at\nleast some of these could be exploited to run arbitrary code\nwith enough effort.\n\nWe thank Bernd Mielke, Georgi Guninski, Igor Bukanov, Jesse Ruderman,\nMartijn Wargers, Mats Palmgren, Olli Pettay, shutdown, and Weston Carloss\nfor discovering and reporting these crashes.\n\nThunderbird shares the browser engine with Firefox\nand could be vulnerable if JavaScript were to be enabled in\nmail. This is not the default setting and we strongly discourage users from\nrunning JavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to prepare\nmemory for exploitation through some means other than JavaScript, such as\nlarge images or plugin data.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4571",
                    "reference_id": "CVE-2006-4571",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4571"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-64",
                    "reference_id": "mfsa2006-64",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-64"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1098?format=api",
                    "purl": "pkg:mozilla/SeaMonkey@1.0.5",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.5"
                }
            ],
            "aliases": [
                "CVE-2006-4571"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1dp1-keqm-9bcy"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2523?format=api",
            "vulnerability_id": "VCID-8ggm-zf1m-g3gt",
            "summary": "Georgi Guninski demonstrated that even with JavaScript disabled in\nmail (the default) an attacker can still execute JavaScript when a\nmail message is viewed, replied to, or forwarded by putting the script\nin a remote XBL file loaded by the message. The executed script could\nbe used to alter or change the appearance of the message, and can\nact as a \"mail-tap\" to spy on the contents added to a reply or forward.\nFor example, the attacker could make a provocative offer to\na rival business and then watch the internal debate as it was forwarded\nand replied to.\n\nThe victim would have to have chosen to \"Load Images\"--either for the\nindividual message or as the default setting -- in order for the XBL file\nto be loaded and the JavaScript executed.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4570",
                    "reference_id": "CVE-2006-4570",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4570"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-63",
                    "reference_id": "mfsa2006-63",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-63"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1098?format=api",
                    "purl": "pkg:mozilla/SeaMonkey@1.0.5",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.5"
                }
            ],
            "aliases": [
                "CVE-2006-4570"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8ggm-zf1m-g3gt"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2519?format=api",
            "vulnerability_id": "VCID-b1h3-b4m1-97g3",
            "summary": "Jonathan Watt and Michal Zalewski independently reported timing dependent\ntestcases that trigger crashes at the same place during text display.\nWe have seen no demonstration that these crashes could be reliably\nexploited, but they do show evidence of memory corruption so we presume\nthey could be.\n\nThunderbird shares the browser engine with Firefox\nand could be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from enabling\nJavaScript in mail.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4253",
                    "reference_id": "CVE-2006-4253",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4253"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-59",
                    "reference_id": "mfsa2006-59",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-59"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1098?format=api",
                    "purl": "pkg:mozilla/SeaMonkey@1.0.5",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.5"
                }
            ],
            "aliases": [
                "CVE-2006-4253"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b1h3-b4m1-97g3"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2500?format=api",
            "vulnerability_id": "VCID-gzee-955x-ufbz",
            "summary": "shutdown demonstrated a way to inject content into a sub-frame of another\nsite using targetWindow.frames[n].document.open(),\nmaking the attacker's content look like it was part of the victim site.\nSimilar in effect to MFSA 2005-51.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4568",
                    "reference_id": "CVE-2006-4568",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4568"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-61",
                    "reference_id": "mfsa2006-61",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "low",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-61"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1098?format=api",
                    "purl": "pkg:mozilla/SeaMonkey@1.0.5",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.5"
                }
            ],
            "aliases": [
                "CVE-2006-4568"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gzee-955x-ufbz"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2553?format=api",
            "vulnerability_id": "VCID-q3kb-75tq-a7dt",
            "summary": "Priit Laes reported a crash due to a heap buffer overflow triggered\nby a JavaScript regular expression containing\na minimal quantifier. We presume this could be exploited to run\narbitrary code.\n\nCanadianGuy, Girts Folkmanis and Catalin Patulea report that a regular\nexpression that ends with a backslash inside an unterminated\ncharacter set (e.g. \"[\\\\\") will cause the regular expression engine\nto read beyond the end of the buffer, possibly leading to a crash.\n\nThunderbird shares the browser engine with Firefox\nand could be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from enabling\nJavaScript in mail.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4565",
                    "reference_id": "CVE-2006-4565",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4565"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-57",
                    "reference_id": "mfsa2006-57",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-57"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1098?format=api",
                    "purl": "pkg:mozilla/SeaMonkey@1.0.5",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.5"
                }
            ],
            "aliases": [
                "CVE-2006-4565"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q3kb-75tq-a7dt"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2530?format=api",
            "vulnerability_id": "VCID-stgz-192z-nqd2",
            "summary": "Philip Mackenzie and Marius Schilder of Google informed us of Daniel Bleichenbacher's\nrecent presentation of a common implementation error in RSA signature verification,\na failure to account for extra data in the signature. For signatures with a small\nexponent such as 3 it is possible for an attacker to calculate a value for this extra data to make an altered message appear to be correctly signed, allowing the signature to be forged.\nMozilla's Network Security Services (NSS) library was vulnerable to this flaw.\n\nBecause the set of root Certificate Authorities that ship with Mozilla clients\ncontain some with an exponent of 3 it was possible to make up certificates,\nsuch as SSL/TLS and email certificates, that were not detected as invalid.\nThis raised the possibility of the sort of Man-in-the-Middle attacks\nSSL/TLS was invented to prevent.\n\nWe thank Philip Mackenzie and Marius Schilder for bringing\nthis result to our attention and working with us to ensure the NSS library was\nsafe from variations on this basic attack.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4340",
                    "reference_id": "CVE-2006-4340",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4340"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-60",
                    "reference_id": "mfsa2006-60",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-60"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1098?format=api",
                    "purl": "pkg:mozilla/SeaMonkey@1.0.5",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.5"
                }
            ],
            "aliases": [
                "CVE-2006-4340"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-stgz-192z-nqd2"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.5"
}