Look up vulnerable packages by Package URL.

GET /api/packages/1144?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/1144?format=api",
    "purl": "pkg:mozilla/Firefox%20ESR@24.7.0",
    "type": "mozilla",
    "namespace": "",
    "name": "Firefox ESR",
    "version": "24.7.0",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": false,
    "next_non_vulnerable_version": "24.8.0",
    "latest_non_vulnerable_version": "140.11.0",
    "affected_by_vulnerabilities": [],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2754?format=api",
            "vulnerability_id": "VCID-2mse-59w2-fbbv",
            "summary": "Mozilla developers and community identified and fixed several\nmemory safety bugs in the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a risk in\nbrowser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1547",
                    "reference_id": "CVE-2014-1547",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1547"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-56",
                    "reference_id": "mfsa2014-56",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-56"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1144?format=api",
                    "purl": "pkg:mozilla/Firefox%20ESR@24.7.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@24.7.0"
                }
            ],
            "aliases": [
                "CVE-2014-1547"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2mse-59w2-fbbv"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2689?format=api",
            "vulnerability_id": "VCID-7yjs-kgmy-n3bm",
            "summary": "Mozilla community member John reported a crash in the Skia\nlibrary when scaling high quality images if the scaling operation takes too\nlong. This is caused by the image data being discarded while still in use by the\nscaling operation. This crash is potentially exploitable on some systems. \nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1557",
                    "reference_id": "CVE-2014-1557",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1557"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-64",
                    "reference_id": "mfsa2014-64",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-64"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1144?format=api",
                    "purl": "pkg:mozilla/Firefox%20ESR@24.7.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@24.7.0"
                }
            ],
            "aliases": [
                "CVE-2014-1557"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7yjs-kgmy-n3bm"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2713?format=api",
            "vulnerability_id": "VCID-9kea-3747-qyek",
            "summary": "Developer Patrick Cozzi reported a crash in some\ncircumstances when using the Cesium JavaScript library to generate WebGL\ncontent. Mozilla developers determined that this crash is potentially\nexploitable.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1556",
                    "reference_id": "CVE-2014-1556",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1556"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-62",
                    "reference_id": "mfsa2014-62",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-62"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1144?format=api",
                    "purl": "pkg:mozilla/Firefox%20ESR@24.7.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@24.7.0"
                }
            ],
            "aliases": [
                "CVE-2014-1556"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9kea-3747-qyek"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2753?format=api",
            "vulnerability_id": "VCID-hk88-1q9b-6khx",
            "summary": "Security researcher Jethro Beekman of the University of\nCalifornia, Berkeley reported a crash when the FireOnStateChange\nevent is triggered in some circumstances. This leads to a use-after-free and a\npotentially exploitable crash when it occurs.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1555",
                    "reference_id": "CVE-2014-1555",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1555"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-61",
                    "reference_id": "mfsa2014-61",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-61"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1144?format=api",
                    "purl": "pkg:mozilla/Firefox%20ESR@24.7.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@24.7.0"
                }
            ],
            "aliases": [
                "CVE-2014-1555"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hk88-1q9b-6khx"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2762?format=api",
            "vulnerability_id": "VCID-wyhd-jvb3-73fd",
            "summary": "Mozilla community member James Kitchener reported a crash in\nDirectWrite when rendering MathML content with specific fonts due to an error in\nhow font resources and tables are handled. This leads to use-after-free of a\nDirectWrite font-face object, resulting in a potentially exploitable crash.\nThis issue is limited to the Windows platform and does not\naffect OS X or Linux systems. In general this flaw cannot be exploited through \nemail in the Thunderbird product because scripting is disabled, but is potentially \na risk in browser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1551",
                    "reference_id": "CVE-2014-1551",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1551"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-59",
                    "reference_id": "mfsa2014-59",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-59"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1144?format=api",
                    "purl": "pkg:mozilla/Firefox%20ESR@24.7.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@24.7.0"
                }
            ],
            "aliases": [
                "CVE-2014-1551"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wyhd-jvb3-73fd"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2714?format=api",
            "vulnerability_id": "VCID-znh3-rqwe-8ke3",
            "summary": "Security researchers Tyson Smith and Jesse\nSchwartzentruber used the Address Sanitizer tool while fuzzing to\ndiscover a use-after-free error resulting in a crash. This is a result of a pair\nof NSSCertificate structures being added to a trust domain and then\none of them is removed while they are still in use by the trusted cache. This\ncrash is potentially exploitable.\nThis issue was addressed in the Network Security Services (NSS) library in version 3.16.2, \nshipping on affected platforms. In general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544",
                    "reference_id": "CVE-2014-1544",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-63",
                    "reference_id": "mfsa2014-63",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-63"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1144?format=api",
                    "purl": "pkg:mozilla/Firefox%20ESR@24.7.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@24.7.0"
                }
            ],
            "aliases": [
                "CVE-2014-1544"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-znh3-rqwe-8ke3"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@24.7.0"
}