Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/1114?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1114?format=api", "purl": "pkg:mozilla/Firefox@3.5.4", "type": "mozilla", "namespace": "", "name": "Firefox", "version": "3.5.4", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3.5.6", "latest_non_vulnerable_version": "151.0.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2634?format=api", "vulnerability_id": "VCID-bwba-bq5v-y3cf", "summary": "Security research firm iDefense reported that\nresearcher regenrecht discovered a heap-based buffer\noverflow in Mozilla's GIF image parser. This vulnerability could\npotentially be used by an attacker to crash a victim's browser and run\narbitrary code on their computer.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3373", "reference_id": "CVE-2009-3373", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3373" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-56", "reference_id": "mfsa2009-56", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-56" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1115?format=api", "purl": "pkg:mozilla/Firefox@3.0.15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/1114?format=api", "purl": "pkg:mozilla/Firefox@3.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.4" } ], "aliases": [ "CVE-2009-3373" ], "risk_score": null, "exploitability": null, "weighted_severity": null, 
"resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bwba-bq5v-y3cf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2628?format=api", "vulnerability_id": "VCID-cdn3-4erv-3kbs", "summary": "Security researcher Marco C. reported a flaw in\nthe parsing of regular expressions used in Proxy Auto-configuration\n(PAC) files. In certain cases this flaw could be used by an attacker\nto crash a victim's browser and run arbitrary code on their computer.\nSince this vulnerability requires the victim to have PAC configured in\ntheir environment with specific regular expressions which can trigger\nthe crash, the severity of the issue was determined to be\nmoderate.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3372", "reference_id": "CVE-2009-3372", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3372" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-55", "reference_id": "mfsa2009-55", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-55" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1115?format=api", "purl": "pkg:mozilla/Firefox@3.0.15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/1114?format=api", "purl": "pkg:mozilla/Firefox@3.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.4" } ], "aliases": [ "CVE-2009-3372" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cdn3-4erv-3kbs" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/2598?format=api", "vulnerability_id": "VCID-f6ej-8y41-f3a9", "summary": "Security researcher Jeremy Brown reported that the\nfile naming scheme used for downloading a file which already exists in\nthe downloads folder is predictable. If an attacker had local access\nto a victim's computer and knew the name of a file the victim intended\nto open through the Download Manager, he could use this vulnerability\nto place a malicious file in the world-writable directory used to save\ntemporary downloaded files and cause the browser to choose the\nincorrect file when opening it. Since this attack requires local\naccess to the victim's machine, the severity of this vulnerability was\ndetermined to be low.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3274", "reference_id": "CVE-2009-3274", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3274" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-53", "reference_id": "mfsa2009-53", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-53" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1115?format=api", "purl": "pkg:mozilla/Firefox@3.0.15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/1114?format=api", "purl": "pkg:mozilla/Firefox@3.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.4" } ], "aliases": [ "CVE-2009-3274" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-f6ej-8y41-f3a9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2629?format=api", "vulnerability_id": "VCID-kg61-mkup-83e9", "summary": "Mozilla upgraded several third party libraries used in media\nrendering to address multiple memory safety and stability bugs\nidentified by members of the Mozilla community. Some of the bugs\ndiscovered could potentially be used by an attacker to crash a\nvictim's browser and execute arbitrary code on their\ncomputer. liboggz, libvorbis,\nand liboggplay were all upgraded to address these\nissues. Audio and video capabilities were added in Firefox 3.5\nso prior releases of Firefox were not affected.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3377", "reference_id": "CVE-2009-3377", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3377" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-63", "reference_id": "mfsa2009-63", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-63" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1114?format=api", "purl": "pkg:mozilla/Firefox@3.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.4" } ], "aliases": [ "CVE-2009-3377" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kg61-mkup-83e9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2632?format=api", "vulnerability_id": "VCID-mwqp-k6tx-5fbb", "summary": "Mozilla upgraded several third party libraries used in media\nrendering to address multiple memory safety and stability 
bugs\nidentified by members of the Mozilla community. Some of the bugs\ndiscovered could potentially be used by an attacker to crash a\nvictim's browser and execute arbitrary code on their\ncomputer. liboggz, libvorbis,\nand liboggplay were all upgraded to address these\nissues. Audio and video capabilities were added in Firefox 3.5\nso prior releases of Firefox were not affected.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3370", "reference_id": "CVE-2009-3370", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3370" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-52", "reference_id": "mfsa2009-52", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-52" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-63", "reference_id": "mfsa2009-63", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-63" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1115?format=api", "purl": "pkg:mozilla/Firefox@3.0.15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/1114?format=api", "purl": "pkg:mozilla/Firefox@3.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.4" } ], "aliases": [ "CVE-2009-3370" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mwqp-k6tx-5fbb" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/2685?format=api", "vulnerability_id": "VCID-n4ww-93jx-8uhk", "summary": "Security researcher Orlando Berrera of Sec Theory\nreported that recursive creation of JavaScript web-workers can be used\nto create a set of objects whose memory could be freed prior to their\nuse. These conditions often result in a crash which could potentially\nbe used by an attacker to run arbitrary code on a victim's\ncomputer. Web Workers were introduced in Firefox 3.5 so this\nvulnerability did not affect earlier releases such as Firefox 3.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3371", "reference_id": "CVE-2009-3371", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3371" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-54", "reference_id": "mfsa2009-54", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-54" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1114?format=api", "purl": "pkg:mozilla/Firefox@3.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.4" } ], "aliases": [ "CVE-2009-3371" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n4ww-93jx-8uhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2627?format=api", "vulnerability_id": "VCID-ngse-2y4s-13hs", "summary": "Security researcher Alin Rad Pop of Secunia\nResearch reported a heap-based buffer overflow in Mozilla's string to\nfloating point number conversion routines. 
Using this vulnerability\nan attacker could craft some malicious JavaScript code containing a\nvery long string to be converted to a floating point number which\nwould result in improper memory allocation and the execution of an\narbitrary memory location. This vulnerability could thus be leveraged\nby the attacker to run arbitrary code on a victim's computer. Update: The underlying flaw in the dtoa routines used\nby Mozilla appears to be essentially the same as that reported against the\nlibc gdtoa routine by Maksymilian Arciemowicz.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689", "reference_id": "CVE-2009-0689", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-59", "reference_id": "mfsa2009-59", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-59" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1115?format=api", "purl": "pkg:mozilla/Firefox@3.0.15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/1114?format=api", "purl": "pkg:mozilla/Firefox@3.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.4" } ], "aliases": [ "CVE-2009-0689" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ngse-2y4s-13hs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2622?format=api", "vulnerability_id": "VCID-q9yf-bpwj-cfcy", "summary": "Security researcher Gregory 
Fleischer reported\nthat text within a selection on a web page can be read by JavaScript\nin a different domain using the document.getSelection\nfunction, violating the same-origin policy. Since this vulnerability\nrequires user interaction to exploit, its severity was determined to\nbe moderate.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3375", "reference_id": "CVE-2009-3375", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3375" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-61", "reference_id": "mfsa2009-61", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-61" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1115?format=api", "purl": "pkg:mozilla/Firefox@3.0.15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/1114?format=api", "purl": "pkg:mozilla/Firefox@3.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.4" } ], "aliases": [ "CVE-2009-3375" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q9yf-bpwj-cfcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2650?format=api", "vulnerability_id": "VCID-qu47-gy34-3fhf", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat the XPCOM utility XPCVariant::VariantDataToJS\nunwrapped doubly-wrapped objects before returning them to chrome\ncallers. 
This could result in chrome privileged code calling methods\non an object which had previously been created or modified by web\ncontent, potentially executing malicious JavaScript code with chrome\nprivileges.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3374", "reference_id": "CVE-2009-3374", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3374" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-57", "reference_id": "mfsa2009-57", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-57" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1115?format=api", "purl": "pkg:mozilla/Firefox@3.0.15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/1114?format=api", "purl": "pkg:mozilla/Firefox@3.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.4" } ], "aliases": [ "CVE-2009-3374" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qu47-gy34-3fhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2607?format=api", "vulnerability_id": "VCID-rub4-fa7f-tfe8", "summary": "Mozilla security researchers Jesse Ruderman\nand Sid Stamm reported that when downloading a file\ncontaining a right-to-left override character (RTL) in the filename,\nthe name displayed in the dialog title bar conflicts with the name of\nthe file shown in the dialog body. 
An attacker could use this\nvulnerability to obfuscate the name and file extension of a file to be\ndownloaded and opened, potentially causing a user to run an executable\nfile when they expected to open a non-executable file.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3376", "reference_id": "CVE-2009-3376", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3376" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-62", "reference_id": "mfsa2009-62", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-62" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1115?format=api", "purl": "pkg:mozilla/Firefox@3.0.15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/1114?format=api", "purl": "pkg:mozilla/Firefox@3.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.4" } ], "aliases": [ "CVE-2009-3376" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rub4-fa7f-tfe8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2665?format=api", "vulnerability_id": "VCID-wqey-n4t3-87gy", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. 
Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3380", "reference_id": "CVE-2009-3380", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3380" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-64", "reference_id": "mfsa2009-64", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-64" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1115?format=api", "purl": "pkg:mozilla/Firefox@3.0.15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/1114?format=api", "purl": "pkg:mozilla/Firefox@3.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.4" } ], "aliases": [ "CVE-2009-3380" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wqey-n4t3-87gy" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.4" }