Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/1142?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1142?format=api", "purl": "pkg:mozilla/Firefox@31.0.0", "type": "mozilla", "namespace": "", "name": "Firefox", "version": "31.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "31.1.0", "latest_non_vulnerable_version": "151.0.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2754?format=api", "vulnerability_id": "VCID-2mse-59w2-fbbv", "summary": "Mozilla developers and community identified and fixed several\nmemory safety bugs in the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1547", "reference_id": "CVE-2014-1547", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1547" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-56", "reference_id": "mfsa2014-56", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-56" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1142?format=api", "purl": "pkg:mozilla/Firefox@31.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@31.0.0" } ], "aliases": [ "CVE-2014-1547" ], "risk_score": null, "exploitability": null, 
"weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2mse-59w2-fbbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2706?format=api", "vulnerability_id": "VCID-529a-q5b6-tyg4", "summary": "Mozilla developer Boris Zbarsky discovered an issue where\nnetwork-level redirects cause an <iframe> sandbox to forget \nits unique origin and behave as if the allow-same-origin keyword \nwere applied. This allows the sandboxed content to access other content from \nthe same origin without explicit approval. \nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1552", "reference_id": "CVE-2014-1552", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1552" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-66", "reference_id": "mfsa2014-66", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-66" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1142?format=api", "purl": "pkg:mozilla/Firefox@31.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@31.0.0" } ], "aliases": [ "CVE-2014-1552" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-529a-q5b6-tyg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2726?format=api", "vulnerability_id": "VCID-5mdh-jt55-g7gr", "summary": "Using the Address Sanitizer tool, security researcher Atte\nKettunen from OUSPG discovered a 
buffer overflow during interaction\nwith the Web Audio buffer for playback because of an error in the amount of\nallocated memory for buffers. This leads to a potentially exploitable crash with\nsome audio content.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1549", "reference_id": "CVE-2014-1549", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1549" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-57", "reference_id": "mfsa2014-57", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-57" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1142?format=api", "purl": "pkg:mozilla/Firefox@31.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@31.0.0" } ], "aliases": [ "CVE-2014-1549" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5mdh-jt55-g7gr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2689?format=api", "vulnerability_id": "VCID-7yjs-kgmy-n3bm", "summary": "Mozilla community member John reported a crash in the Skia\nlibrary when scaling high quality images if the scaling operation takes too\nlong. This is caused by the image data being discarded while still in use by the\nscaling operation. This crash is potentially exploitable on some systems. 
\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1557", "reference_id": "CVE-2014-1557", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1557" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-64", "reference_id": "mfsa2014-64", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-64" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1142?format=api", "purl": "pkg:mozilla/Firefox@31.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@31.0.0" } ], "aliases": [ "CVE-2014-1557" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7yjs-kgmy-n3bm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2713?format=api", "vulnerability_id": "VCID-9kea-3747-qyek", "summary": "Developer Patrick Cozzi reported a crash in some\ncircumstances when using the Cesium JavaScript library to generate WebGL\ncontent. 
Mozilla developers determined that this crash is potentially\nexploitable.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1556", "reference_id": "CVE-2014-1556", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1556" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-62", "reference_id": "mfsa2014-62", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-62" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1142?format=api", "purl": "pkg:mozilla/Firefox@31.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@31.0.0" } ], "aliases": [ "CVE-2014-1556" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9kea-3747-qyek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2753?format=api", "vulnerability_id": "VCID-hk88-1q9b-6khx", "summary": "Security researcher Jethro Beekman of the University of\nCalifornia, Berkeley reported a crash when the FireOnStateChange\nevent is triggered in some circumstances. 
This leads to a use-after-free and a\npotentially exploitable crash when it occurs.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1555", "reference_id": "CVE-2014-1555", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1555" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-61", "reference_id": "mfsa2014-61", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-61" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1142?format=api", "purl": "pkg:mozilla/Firefox@31.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@31.0.0" } ], "aliases": [ "CVE-2014-1555" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hk88-1q9b-6khx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2691?format=api", "vulnerability_id": "VCID-hm8u-e2tf-cuhv", "summary": "Using the Address Sanitizer tool, security researcher Atte\nKettunen from OUSPG discovered a use-after-free in Web Audio due to an\nissue with how control messages for Web Audio are ordered and processed. This\nleads to a potentially exploitable crash. 
\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1550", "reference_id": "CVE-2014-1550", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1550" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-58", "reference_id": "mfsa2014-58", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-58" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1142?format=api", "purl": "pkg:mozilla/Firefox@31.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@31.0.0" } ], "aliases": [ "CVE-2014-1550" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hm8u-e2tf-cuhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2709?format=api", "vulnerability_id": "VCID-tdfj-x912-a3cc", "summary": "Mozilla security researcher Christian Holler discovered\nseveral issues while fuzzing the parsing of SSL certificates. Two of these\nissues were a result of using characters that are not UTF-8 in certificates when\nvarious functions expected all strings to be UTF-8 format. The third issue was a\nresult of using characters that were not ASCII in certificates while a function\nexpected only ASCII formatted text. 
All of these issues cause the certificates\nto be incorrectly parsed, leading to a potential inability to use valid SSL\ncertificates.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1558", "reference_id": "CVE-2014-1558", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1558" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-65", "reference_id": "mfsa2014-65", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-65" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1142?format=api", "purl": "pkg:mozilla/Firefox@31.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@31.0.0" } ], "aliases": [ "CVE-2014-1558" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tdfj-x912-a3cc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2762?format=api", "vulnerability_id": "VCID-wyhd-jvb3-73fd", "summary": "Mozilla community member James Kitchener reported a crash in\nDirectWrite when rendering MathML content with specific fonts due to an error in\nhow font resources and tables are handled. This leads to use-after-free of a\nDirectWrite font-face object, resulting in a potentially exploitable crash.\nThis issue is limited to the Windows platform and does not\naffect OS X or Linux systems. 
In general this flaw cannot be exploited through \nemail in the Thunderbird product because scripting is disabled, but is potentially \na risk in browser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1551", "reference_id": "CVE-2014-1551", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1551" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-59", "reference_id": "mfsa2014-59", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-59" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1142?format=api", "purl": "pkg:mozilla/Firefox@31.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@31.0.0" } ], "aliases": [ "CVE-2014-1551" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wyhd-jvb3-73fd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2715?format=api", "vulnerability_id": "VCID-zh1y-dse7-5bfx", "summary": "Mozilla developers David Chan and Gijs\nKruitbosch reported that it is possible to create a drag and drop event\nin web content which mimics the behavior of a chrome customization event. This\ncan occur when a user is customizing a page or panel. 
This results in a limited \nability to move UI icons within the visible window but does not otherwise affect\ncustomization or window content.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1561", "reference_id": "CVE-2014-1561", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1561" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-60", "reference_id": "mfsa2014-60", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-60" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1142?format=api", "purl": "pkg:mozilla/Firefox@31.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@31.0.0" } ], "aliases": [ "CVE-2014-1561" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zh1y-dse7-5bfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2714?format=api", "vulnerability_id": "VCID-znh3-rqwe-8ke3", "summary": "Security researchers Tyson Smith and Jesse\nSchwartzentruber used the Address Sanitizer tool while fuzzing to\ndiscover a use-after-free error resulting in a crash. This is a result of a pair\nof NSSCertificate structures being added to a trust domain and then\none of them is removed while they are still in use by the trusted cache. 
This\ncrash is potentially exploitable.\nThis issue was addressed in the Network Security Services (NSS) library in version 3.16.2, \nshipping on affected platforms. In general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544", "reference_id": "CVE-2014-1544", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-63", "reference_id": "mfsa2014-63", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-63" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1142?format=api", "purl": "pkg:mozilla/Firefox@31.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@31.0.0" } ], "aliases": [ "CVE-2014-1544" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-znh3-rqwe-8ke3" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@31.0.0" }