Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1129?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1129?format=api", "purl": "pkg:mozilla/SeaMonkey@2.0.1", "type": "mozilla", "namespace": "", "name": "SeaMonkey", "version": "2.0.1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.0.3", "latest_non_vulnerable_version": "2.38.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2613?format=api", "vulnerability_id": "VCID-e15r-7w4r-syfy", "summary": "Mozilla discovered several bugs in liboggplay which posed potential\nmemory safety issues. The bugs which were fixed could potentially be\nused by an attacker to crash a victim's browser and execute arbitrary\ncode on their computer.Audio and Video capabilities were added to the Mozilla browser\nengine in Firefox 3.5, SeaMonkey 2.0, and Thunderbird 3.0; prior releases of\nthese products were not affected.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3388", "reference_id": "CVE-2009-3388", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3388" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-66", "reference_id": "mfsa2009-66", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-66" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1129?format=api", "purl": "pkg:mozilla/SeaMonkey@2.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.1" } ], "aliases": [ "CVE-2009-3388" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e15r-7w4r-syfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2644?format=api", "vulnerability_id": "VCID-feey-1wqm-ekhz", "summary": "Security researcher Jonathan Morgan reported that\nwhen a page loaded over an insecure protocol, such as http: or file:,\nsets its document.location to a https: URL which\nresponds with a 204 status and empty response body, the insecure page\nwill receive SSL indicators near the location bar, but will not have\nits page content modified in any way. This could lead to a user\nbelieving they were on a secure page when in fact they were not.Security researcher Jordi Chancel reported an\nissue similar to one fixed\nin mfsa2009-44 in which a web page can\nset document.location to a URL that can't be displayed\nproperly and then inject content into the resulting blank page. An\nattacker could use this vulnerability to place a legitimate-looking\nbut invalid URL in the location bar and inject HTML and JavaScript\ninto the body of the page, resulting in a spoofing attack.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3984", "reference_id": "CVE-2009-3984", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3984" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-69", "reference_id": "mfsa2009-69", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-69" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1129?format=api", "purl": "pkg:mozilla/SeaMonkey@2.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.1" } ], "aliases": [ "CVE-2009-3984" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-feey-1wqm-ekhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2637?format=api", "vulnerability_id": "VCID-hfx9-d6d1-5kbv", "summary": "Security researcher Gregory Fleischer reported\nthat the exception messages generated by\nMozilla's GeckoActiveXObject differ based on whether or\nnot the requested COM object's ProgID is present in the system\nregistry. A malicious site could use this vulnerability to enumerate\na list of COM objects installed on a user's system and create a\nprofile to track the user across browsing sessions.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3987", "reference_id": "CVE-2009-3987", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3987" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-71", "reference_id": "mfsa2009-71", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-71" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1129?format=api", "purl": "pkg:mozilla/SeaMonkey@2.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.1" } ], "aliases": [ "CVE-2009-3987" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hfx9-d6d1-5kbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2611?format=api", "vulnerability_id": "VCID-n2jn-bkz2-yygh", "summary": "Security researcher Takehiro Takahashi of the IBM\nX-Force reported that Mozilla's NTLM implementation was vulnerable to\nreflection attacks in which NTLM credentials from one application\ncould be forwarded to another arbitrary application via the browser.\nIf an attacker could get a user to visit a web page he controlled he\ncould force NTLM authenticated requests to be forwarded to another\napplication on behalf of the user.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3983", "reference_id": "CVE-2009-3983", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3983" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-68", "reference_id": "mfsa2009-68", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-68" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1129?format=api", "purl": "pkg:mozilla/SeaMonkey@2.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.1" } ], "aliases": [ "CVE-2009-3983" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n2jn-bkz2-yygh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2638?format=api", "vulnerability_id": "VCID-s9ey-mtj5-vbey", "summary": "Security researcher David James reported that a\ncontent window which is opened by a chrome window retains a reference\nto the chrome window via the window.opener property. Using\nthis reference, content in the new window can access functions \ninside the chrome window, such as eval, and use these\nfunctions to run arbitrary JavaScript code with chrome privileges. In\na stock Mozilla browser a remote attacker can not cause these application\ndialogs to appear nor to automatically load the attack code that takes advantage\nof this flaw in window.opener. There may be add-ons which open\npotentially hostile web-content in this way, and combined with such an add-on the\nseverity of this flaw could be upgraded to Critical.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3986", "reference_id": "CVE-2009-3986", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3986" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-70", "reference_id": "mfsa2009-70", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-70" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1129?format=api", "purl": "pkg:mozilla/SeaMonkey@2.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.1" } ], "aliases": [ "CVE-2009-3986" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s9ey-mtj5-vbey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2652?format=api", "vulnerability_id": "VCID-u6e2-wfx5-r3cu", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3979", "reference_id": "CVE-2009-3979", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3979" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-65", "reference_id": "mfsa2009-65", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-65" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1129?format=api", "purl": "pkg:mozilla/SeaMonkey@2.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.1" } ], "aliases": [ "CVE-2009-3979" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u6e2-wfx5-r3cu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2624?format=api", "vulnerability_id": "VCID-v1gt-2387-67dw", "summary": "Security researcher Dan Kaminsky reported an\ninteger overflow in the Theora video library. A video's dimensions\nwere being multiplied together and used in particular memory\nallocations. When the video dimensions were sufficiently large, the\nmultiplication could overflow a 32-bit integer resulting in too small\na memory buffer being allocated for the video. An attacker could use\na specially crafted video to write data past the bounds of this\nbuffer, causing a crash and potentially running arbitrary code on a\nvictim's computer.Mozilla intern David Keeler also independently\nreported this issue as well as an additional crash which was\ndetermined to be a denial-of-service.Video capabilities were added to the Mozilla browser engine\nin Firefox 3.5, SeaMonkey 2.0, and Thunderbird 3.0; prior releases of these\nproducts were not affected.These bugs were fixed upstream in Theora version 1.1\n(\"Thusnelda\") but the older version used in Firefox 3.5 needed this\npatch.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3389", "reference_id": "CVE-2009-3389", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3389" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-67", "reference_id": "mfsa2009-67", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-67" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1129?format=api", "purl": "pkg:mozilla/SeaMonkey@2.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.1" } ], "aliases": [ "CVE-2009-3389" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v1gt-2387-67dw" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.1" }