Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1100?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1100?format=api", "purl": "pkg:mozilla/SeaMonkey@1.0.2", "type": "mozilla", "namespace": "", "name": "SeaMonkey", "version": "1.0.2", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.0.3", "latest_non_vulnerable_version": "2.38.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2582?format=api", "vulnerability_id": "VCID-3uay-6bec-z3gf", "summary": "Mozilla team members discovered several crashes during testing of the\nbrowser engine showing evidence of memory corruption that we presume\nis exploitable.Thunderbird shares the browser engine with Firefox\nand could be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2779", "reference_id": "CVE-2006-2779", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2779" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-32", "reference_id": "mfsa2006-32", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-32" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1100?format=api", "purl": "pkg:mozilla/SeaMonkey@1.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.2" } ], "aliases": [ "CVE-2006-2779" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3uay-6bec-z3gf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2537?format=api", "vulnerability_id": "VCID-5e6q-3jug-8bbh", "summary": "Mikolaj Habryn discovered an array index bug in crypto.signText() that\nresults in overflowing an allocated array of pointers by two when optional\nCertificate Authority name arguments are passed in.Thunderbird shares the browser engine with Firefox\nand could be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2778", "reference_id": "CVE-2006-2778", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2778" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-38", "reference_id": "mfsa2006-38", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-38" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1100?format=api", "purl": "pkg:mozilla/SeaMonkey@1.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.2" } ], "aliases": [ "CVE-2006-2778" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5e6q-3jug-8bbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2575?format=api", "vulnerability_id": "VCID-75qe-svtv-kfed", "summary": "Mozilla researcher moz_bug_r_a4 demonstrated that javascript run via\nEvalInSandbox can escape the sandbox and gain elevated privilege by\ncalling valueOf() on objects created outside the sandbox and inserted\ninto it. Malicious scripts could use these privileges to compromise\nyour computer or data.In Mozilla clients the primary use for EvalInSandbox is to run the\nProxy Autoconfig script should one be specified by your network\nadministrator. This is a rare option for home users, it is primarily\nused by institutional networks which have a need for remote configuration.The popular Greasemonkey extension uses EvalInSandbox to run userscripts\nwhich manipulate the web pages you visit on your behalf. Using this\nvulnerability a malicious userscript could gain enough privilege to\ninstall malware, but even when Greasemonkey is working as designed\na malicious userscript can make life miserable. Only install userscripts\nfrom sources you can trust.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2787", "reference_id": "CVE-2006-2787", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2787" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-31", "reference_id": "mfsa2006-31", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-31" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1100?format=api", "purl": "pkg:mozilla/SeaMonkey@1.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.2" } ], "aliases": [ "CVE-2006-2787" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-75qe-svtv-kfed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2521?format=api", "vulnerability_id": "VCID-gkek-gx5h-jya7", "summary": "Web content could access the nsISelectionPrivate interface of the Selection\nobject and use it to add a SelectionListener. The listener would be called when\nthe user did a \"Find\" on the page or a \"select all\", and as intended this\nshouldn't cause any problems. But as with escaping the PAC sandbox\nin MFSA 2006-31 and content-defined DOM setters in\nMFSA 2006-37 moz_bug_r_a4 figured a way to\nleverage the fact that the notifications were created in a privileged context\ninto arbitrary code execution.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2777", "reference_id": "CVE-2006-2777", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2777" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-43", "reference_id": "mfsa2006-43", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-43" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1100?format=api", "purl": "pkg:mozilla/SeaMonkey@1.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.2" } ], "aliases": [ "CVE-2006-2777" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gkek-gx5h-jya7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2589?format=api", "vulnerability_id": "VCID-jmr2-fjtx-xufk", "summary": "Kazuho Oku of Cybozu Labs reports via the Information-technology Promotion\nAgency, Japan, that Firefox is vulnerable to HTTP response smuggling when\nused with certain proxy servers.The first technique takes advantage of Mozilla's lenient handling\nof HTTP header syntax which was necessary in the past to cope with various\nreal-world servers. One aspect was to accept HTTP headers with space\ncharacters between the header name and the colon. A modern proxy with strict\nsyntax checking would ignore these as invalid headers while Mozilla\nclients might accept them and interpret one long response as two shorter\nresponses. If a page on the malicious host can make Firefox issue two\nrequests in succession, one to the malicious host and one to the victim\nsite, the second part of the response from the malicious site could\nbe interpreted as the response from the victim site. The content of\nthat response could be a web page that could steal login cookies or\nother sensitive data if the user has an account at the victim site.A second variant accomplishes the same thing by sending HTTP 1.1\nheaders through an HTTP 1.0 proxy such as the popular Squid. The proxy\nwill ignore the unknown 1.1 header (such as \"Transfer-Encoding: chunked\")\nwhile Mozilla-based clients will accept them and again can be made to\ninterpret one long request as two shorter ones.If the user is not browsing through a proxy the same attacks\ncan still be mounted but would be effective only if the malicious\nsite were at the same IP address as the victim site.Thunderbird shares the browser engine with Firefox\nand could be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail. Thunderbird users are extremely unlikely to have logged\ninto a website using their mail client further reducing the risk from\nthis vulnerability.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2786", "reference_id": "CVE-2006-2786", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2786" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-33", "reference_id": "mfsa2006-33", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-33" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1100?format=api", "purl": "pkg:mozilla/SeaMonkey@1.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.2" } ], "aliases": [ "CVE-2006-2786" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jmr2-fjtx-xufk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2517?format=api", "vulnerability_id": "VCID-puyd-54pf-mkd5", "summary": "Paul Nickerson discovered that content-defined setters on an object prototype were\ngetting called by privileged UI code, and moz_bug_r_a4 was able to develop an\nexploit PoC that demonstrated that the higher privilege level could be passed\nalong to the content-defined attack code.Thunderbird shares the browser engine with Firefox\nand could be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2776", "reference_id": "CVE-2006-2776", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2776" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-37", "reference_id": "mfsa2006-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-37" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1100?format=api", "purl": "pkg:mozilla/SeaMonkey@1.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.2" } ], "aliases": [ "CVE-2006-2776" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-puyd-54pf-mkd5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2579?format=api", "vulnerability_id": "VCID-rdb6-pks2-9qe9", "summary": "Masatoshi Kimura reported a hang caused by a double-free in Thunderbird\nwhen processing a large VCard with invalid base64 characters in it.\nSince an attacker can supply an arbitrary amount of\nwell-formed VCard data before introducing the error we presume this could\nbe exploited to run code of the attacker's choosing.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2781", "reference_id": "CVE-2006-2781", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2781" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-40", "reference_id": "mfsa2006-40", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1100?format=api", "purl": "pkg:mozilla/SeaMonkey@1.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.2" } ], "aliases": [ "CVE-2006-2781" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rdb6-pks2-9qe9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2502?format=api", "vulnerability_id": "VCID-t3kn-qbsv-rfht", "summary": "Chuck McAuley provided Proof-of-Concept code that demonstrates that\nMFSA 2006-23 was not fixed for all cases. \nIn Firefox 1.5.0.2 it is still possible to pre-fill a text input control \nwith the path to a file at a known location and then change the type of \nthe input control to a file upload control without having the value \nreset as intended.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2782", "reference_id": "CVE-2006-2782", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2782" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-41", "reference_id": "mfsa2006-41", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-41" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1100?format=api", "purl": "pkg:mozilla/SeaMonkey@1.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.2" } ], "aliases": [ "CVE-2006-2782" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t3kn-qbsv-rfht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2566?format=api", "vulnerability_id": "VCID-tccv-gwuq-ske2", "summary": "In certain circumstances persisted XUL attributes are associated with the\nwrong URL. If an attacker can get a persisted string associated with an\nURL that will later eval or execute that attribute in a privileged\ncontext then the attacker's code will run with the full permissions\nof the browser.Thunderbird shares the browser engine with Firefox\nand could be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2775", "reference_id": "CVE-2006-2775", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2775" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-35", "reference_id": "mfsa2006-35", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-35" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1100?format=api", "purl": "pkg:mozilla/SeaMonkey@1.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.2" } ], "aliases": [ "CVE-2006-2775" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tccv-gwuq-ske2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2557?format=api", "vulnerability_id": "VCID-tfrg-nmxp-hbgm", "summary": "Masatoshi Kimura reports that the Unicode Byte-order-Mark (BOM) is\nstripped from UTF-8 pages during the conversion to Unicode before\nthe parser sees the web page. As a result the parser will see and\nprocess script tags that web input sanitizers may miss\nbecause they appear as \"scr[BOM]ipt\" or similar in the comment code\non the web site.Although Firefox 1.5.0.4 and later will be fixed and no longer\naccept such script tags, web sites will continue to be visited by\nolder versions of Firefox and Mozilla browsers. Web sites can protect\nthemselves by explicitly setting the character encoding to something other\nthan UTF-8, or by adding the Unicode byte-order marks to the repertoire\nof the site's input sanitizer.Thunderbird shares the browser engine with Firefox\nand could be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2783", "reference_id": "CVE-2006-2783", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2783" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-42", "reference_id": "mfsa2006-42", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-42" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1100?format=api", "purl": "pkg:mozilla/SeaMonkey@1.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.2" } ], "aliases": [ "CVE-2006-2783" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tfrg-nmxp-hbgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2563?format=api", "vulnerability_id": "VCID-x41m-aspw-53gp", "summary": "Paul Nickerson demonstrated that if an attacker could convince a user\nto right-click on a broken image and choose \"View Image\" from the context\nmenu then he could get javascript to run on a site of the attacker's choosing\nby making the image src attribute a javascript: URL and loading the target\nsite on mousedown. This could be used to steal login cookies or other\nconfidential information from the target site.Similarly, if a user could be convinced to right-click and choose\n\"Show only this frame\" on a frame whose src attribute is a javascript: URL\nthen that script would run in the context of the framing site. In order\nfor this variant to be effective not only would you have to convince the\nuser to view the frame, you would have to find an interesting target\nsite that can be made to host a frame of the attacker's choosing.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2785", "reference_id": "CVE-2006-2785", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2785" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-34", "reference_id": "mfsa2006-34", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-34" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1100?format=api", "purl": "pkg:mozilla/SeaMonkey@1.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.2" } ], "aliases": [ "CVE-2006-2785" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x41m-aspw-53gp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2569?format=api", "vulnerability_id": "VCID-yng5-8qtn-uka9", "summary": "Normally Mozilla-based clients prevent web content from linking to local files\nbut Eric Foley reports a partial bypass of this restriction by using Windows\nfilename syntax (on a Windows computer) rather than a file:/// URL as the\nSRC= attribute. The image will not be loaded on the web page--it will appear as\na broken image--but if a user can be convinced to right-click and select\n\"View Image\" then the content will be loaded. Since the image will replace\nthe current document attacker script cannot be run on it. Loading a local\nfile at a known location is about the extent of this attack.If the local file is a media file an external helper program may be launched\nto play the media depending on your settings. The action will be the same\nas if you had clicked on a remote link of the same media type and does not\npresent any additional risk. Local files identified as executable will\nnever be opened in this way, with \"executable\" broadly\ndefined on windows to include many scriptable document formats with a history\nof being abused.By referencing a local device rather than a file this could be used\nas a limited denial-of-service attack to hang the browser.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1942", "reference_id": "CVE-2006-1942", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1942" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-39", "reference_id": "mfsa2006-39", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-39" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1100?format=api", "purl": "pkg:mozilla/SeaMonkey@1.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.2" } ], "aliases": [ "CVE-2006-1942" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yng5-8qtn-uka9" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.2" }