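Look up vulnerable packages by Package URL (purl). In the response, `is_vulnerable` and `affected_by_vulnerabilities` reflect only the advisories recorded in this database for the exact purl, so a `false` value is not by itself proof that the version has no known vulnerabilities.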

GET /api/packages/1101?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/1101?format=api",
    "purl": "pkg:mozilla/Firefox@1.5.0",
    "type": "mozilla",
    "namespace": "",
    "name": "Firefox",
    "version": "1.5.0",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": false,
    "next_non_vulnerable_version": "3.0.0",
    "latest_non_vulnerable_version": "151.0.0",
    "affected_by_vulnerabilities": [],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2559?format=api",
            "vulnerability_id": "VCID-125v-281q-ufgj",
            "summary": "moz_bug_r_a4 discovered that the compilation scope of privileged\nbuilt-in XBL bindings was not fully protected from web content and\ncould be accessed by calling valueOf.call()\nand valueOf.apply() on a method of that binding. This could then\nbe used to compile and run attacker-supplied JavaScript, giving it\nthe privileges of the binding which would allow an attacker\nto install malware such as viruses and password sniffers.\nshutdown reported an alternate way to get to XBL compilation scope\nby inserting an XBL method into the DOM's document.body\nprototype chain.\nThunderbird shares the JavaScript engine with Firefox\nand could be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1733",
                    "reference_id": "CVE-2006-1733",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1733"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-16",
                    "reference_id": "mfsa2006-16",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-16"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1102?format=api",
                    "purl": "pkg:mozilla/Firefox@1.0.8",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.0.8"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1101?format=api",
                    "purl": "pkg:mozilla/Firefox@1.5.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.5.0"
                }
            ],
            "aliases": [
                "CVE-2006-1733"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-125v-281q-ufgj"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2561?format=api",
            "vulnerability_id": "VCID-49rf-24dt-vydg",
            "summary": "moz_bug_r_a4 discovered that .valueOf.call() and .valueOf.apply()\nwhen called with no arguments were returning the Object class\nprototype rather than the caller's global window object. When\ncalled on a reachable property of another window this provides\na hook to get around the same-origin protection, allowing an\nattacker to inject script into another window.\nCross-site script injection can be used to steal confidential\ndata such as cookies or passwords, or perform actions on\nthe user's behalf. It can also be used to alter the content\nof the other window which could be used to fool a user\ninto trusting bogus information or downloaded content.\nThunderbird shares the JavaScript engine with Firefox\nand could be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1731",
                    "reference_id": "CVE-2006-1731",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1731"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-19",
                    "reference_id": "mfsa2006-19",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-19"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1102?format=api",
                    "purl": "pkg:mozilla/Firefox@1.0.8",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.0.8"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1101?format=api",
                    "purl": "pkg:mozilla/Firefox@1.5.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.5.0"
                }
            ],
            "aliases": [
                "CVE-2006-1731"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-49rf-24dt-vydg"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2533?format=api",
            "vulnerability_id": "VCID-98rs-2wsu-2qg7",
            "summary": "shutdown reported a method of injecting running JavaScript code into\na page on another site using a modal alert to suspend an event handler\nwhile a new page is being loaded. This vulnerability allows an attacker\nto steal any confidential information the new page might contain,\nincluding any passwords and cookies which might allow the attacker\nto log on to that site as the victim.\nshutdown also reported a variant using the two-argument form of eval() that\ndid not require a modal dialog and would be much less obtrusive.\nmoz_bug_r_a4 reported two variants that bypassed our initial fixes,\none using \"new Script()\", the other extending the eval() attack using\nwindow.__proto__\nThunderbird shares the browser engine with Firefox\nand could be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1741",
                    "reference_id": "CVE-2006-1741",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1741"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-09",
                    "reference_id": "mfsa2006-09",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-09"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1102?format=api",
                    "purl": "pkg:mozilla/Firefox@1.0.8",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.0.8"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1101?format=api",
                    "purl": "pkg:mozilla/Firefox@1.5.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.5.0"
                }
            ],
            "aliases": [
                "CVE-2006-1741"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-98rs-2wsu-2qg7"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2508?format=api",
            "vulnerability_id": "VCID-cmj4-etdb-pbbd",
            "summary": "Tristor reports that it was possible to spoof the browser's secure-site\nindicators (the lock icon, the site name in the URL field, the gold URL\nfield background in Firefox) by first loading the target secure site\nin a pop-up window, then changing its location to a different site.\nIf the user has turned on the \"Entering secure site\" modal warning dialog\nthen the window location can be changed while that dialog is displayed\nand the secure-browsing indicators from the original site will remain.\nThese dialogs are turned off by default in Firefox, and most Suite users\nclick the checkbox to turn them off.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1740",
                    "reference_id": "CVE-2006-1740",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1740"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-12",
                    "reference_id": "mfsa2006-12",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "low",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-12"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1102?format=api",
                    "purl": "pkg:mozilla/Firefox@1.0.8",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.0.8"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1101?format=api",
                    "purl": "pkg:mozilla/Firefox@1.5.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.5.0"
                }
            ],
            "aliases": [
                "CVE-2006-1740"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cmj4-etdb-pbbd"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2550?format=api",
            "vulnerability_id": "VCID-g3d9-vf5u-dqbk",
            "summary": "Using the eval associated with methods of an XBL binding it was possible\nto create JavaScript functions that would get compiled with the wrong\nprivileges, allowing the attacker to run code of their choice with the\nfull permission of the user running the browser. This\ncould be used to install spyware or viruses.\nThunderbird shares the JavaScript engine with Firefox\nand could be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735",
                    "reference_id": "CVE-2006-1735",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-14",
                    "reference_id": "mfsa2006-14",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-14"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1102?format=api",
                    "purl": "pkg:mozilla/Firefox@1.0.8",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.0.8"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1101?format=api",
                    "purl": "pkg:mozilla/Firefox@1.5.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.5.0"
                }
            ],
            "aliases": [
                "CVE-2006-1735"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g3d9-vf5u-dqbk"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2528?format=api",
            "vulnerability_id": "VCID-rcu3-aqdr-x3ej",
            "summary": "shutdown demonstrated how to use the window.controllers array\nto bypass same-origin protections, allowing a malicious site to\ninject script into content from another site. This could allow\nthe malicious page to steal information such as cookies or\npasswords from the other site, or perform transactions on the user's\nbehalf if the user were already logged in.\nThunderbird shares the JavaScript engine with Firefox\nand could be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1732",
                    "reference_id": "CVE-2006-1732",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1732"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-17",
                    "reference_id": "mfsa2006-17",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-17"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1102?format=api",
                    "purl": "pkg:mozilla/Firefox@1.0.8",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.0.8"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1101?format=api",
                    "purl": "pkg:mozilla/Firefox@1.5.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.5.0"
                }
            ],
            "aliases": [
                "CVE-2006-1732"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rcu3-aqdr-x3ej"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2549?format=api",
            "vulnerability_id": "VCID-rkdp-67ts-uyht",
            "summary": "By layering a transparent image link to an executable on top of a\nvisible (and presumably desirable) image\na malicious site might be able to convince some visitors to\nright-click and choose \"Save image as...\" from the context menu\nand fool them by giving them the executable instead. When the users\nlater double-click on the saved \"image\" to view or edit it\nthe attacker's malware would be run.\nThe attacker could put a lot of spaces before the extension to hide it\nby pushing it out of the standard file-saving dialog, and once downloaded\nthe default Windows behavior of hiding the extension could make a filename\nsuch as \"bikini.jpg        .exe\"\nlook like a legitimate image. The attacker\ncould further this illusion by embedding a common image icon into\nthe executable.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1736",
                    "reference_id": "CVE-2006-1736",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1736"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-13",
                    "reference_id": "mfsa2006-13",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "none",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-13"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1102?format=api",
                    "purl": "pkg:mozilla/Firefox@1.0.8",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.0.8"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1101?format=api",
                    "purl": "pkg:mozilla/Firefox@1.5.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.5.0"
                }
            ],
            "aliases": [
                "CVE-2006-1736"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rkdp-67ts-uyht"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2570?format=api",
            "vulnerability_id": "VCID-rmmr-446e-a3fe",
            "summary": "As part of the Firefox 1.5 release we fixed several crash bugs to\nimprove the stability of the product. Some of these crashes showed\nevidence of memory corruption that we presume could be exploited\nto run arbitrary code and have been applied to the Firefox 1.0.x\nand Mozilla Suite 1.7.x releases\nWhile fixing an unexploitable recursion-induced crash Bernd Mielke\ndiscovered that the CSS border-rendering code could potentially write\npast the end of an array.\nAlden D'Souza reported a crash when using an extremely large\nregular expression in JavaScript. This was tracked down to a 16-bit\ninteger overflow that could potentially cause the browser to interpret\nattacker supplied data as JavaScript bytecode.\nMartijn Wargers found two potentially exploitable crashes when programmatically\nchanging the -moz-grid and -moz-grid-group display styles.\nBob Clary found a memory corruption crash using the InstallTrigger.install()\nmethod that was introduced in Firefox 1.0.7 by one of the regression\nfixes described in MFSA 2005-58.\nThunderbird shares the browser engine with Firefox\nand could be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739",
                    "reference_id": "CVE-2006-1739",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-11",
                    "reference_id": "mfsa2006-11",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-11"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1102?format=api",
                    "purl": "pkg:mozilla/Firefox@1.0.8",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.0.8"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1101?format=api",
                    "purl": "pkg:mozilla/Firefox@1.5.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.5.0"
                }
            ],
            "aliases": [
                "CVE-2006-1739"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rmmr-446e-a3fe"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2503?format=api",
            "vulnerability_id": "VCID-s7pe-nyw7-dqa4",
            "summary": "shutdown discovered it was possible to use the Object.watch()\nmethod to access an internal function object (the \"clone parent\")\nwhich could then be used to run arbitrary JavaScript code with\nfull permission. This could be used to install malware such as\npassword sniffers or viruses.\nIn pre-release versions of Firefox 1.5 the same technique could\nbe applied to the Array generic methods introduced in that release.\nThunderbird shares the JavaScript engine with Firefox\nand could be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734",
                    "reference_id": "CVE-2006-1734",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-15",
                    "reference_id": "mfsa2006-15",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-15"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1102?format=api",
                    "purl": "pkg:mozilla/Firefox@1.0.8",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.0.8"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1101?format=api",
                    "purl": "pkg:mozilla/Firefox@1.5.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.5.0"
                }
            ],
            "aliases": [
                "CVE-2006-1734"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s7pe-nyw7-dqa4"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2591?format=api",
            "vulnerability_id": "VCID-vend-pzwu-5qe3",
            "summary": "A particular sequence of HTML tags that reliably crash\nMozilla clients was reported by an anonymous researcher via\nTippingPoint and the Zero Day Initiative. The crash is due to memory corruption\nthat can be exploited to run arbitrary code.\nMozilla mail clients will crash on the tag sequence, but\nwithout the ability to run scripts to fill memory with the attack\ncode it may not be possible for an attacker to exploit this crash.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749",
                    "reference_id": "CVE-2006-0749",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-18",
                    "reference_id": "mfsa2006-18",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-18"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1102?format=api",
                    "purl": "pkg:mozilla/Firefox@1.0.8",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.0.8"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1101?format=api",
                    "purl": "pkg:mozilla/Firefox@1.5.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.5.0"
                }
            ],
            "aliases": [
                "CVE-2006-0749"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vend-pzwu-5qe3"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2538?format=api",
            "vulnerability_id": "VCID-vn98-s2xg-37ap",
            "summary": "Igor Bukanov has audited the JavaScript engine for routines that use\ntemporary variables not protected against garbage-collection.\nIf malicious content could cause garbage-collection to run during the\nlifetime of these temporaries then the original routine would end up\noperating on freed memory.\nThe risk appears remote, but this type of memory corruption could\npotentially be used by an attacker to run arbitrary code including\nthe installation of malware.\nThunderbird shares the JavaScript engine with Firefox\nand could be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.\nUpdate (29 July 2006)\nAdded reference to bug 313500 which was part of this audit.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1742",
                    "reference_id": "CVE-2006-1742",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1742"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-10",
                    "reference_id": "mfsa2006-10",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-10"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1102?format=api",
                    "purl": "pkg:mozilla/Firefox@1.0.8",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.0.8"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1101?format=api",
                    "purl": "pkg:mozilla/Firefox@1.5.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.5.0"
                }
            ],
            "aliases": [
                "CVE-2006-1742"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vn98-s2xg-37ap"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.5.0"
}