Look up vulnerable packages by Package URL (purl).

GET /api/packages/1150?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/1150?format=api",
    "purl": "pkg:mozilla/Firefox@33.0.0",
    "type": "mozilla",
    "namespace": "",
    "name": "Firefox",
    "version": "33.0.0",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": false,
    "next_non_vulnerable_version": "34.0.0",
    "latest_non_vulnerable_version": "151.0.0",
    "affected_by_vulnerabilities": [],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2736?format=api",
            "vulnerability_id": "VCID-4r3z-auuz-sbez",
            "summary": "Using the Address Sanitizer tool, security researcher Atte\nKettunen from OUSPG discovered a buffer overflow when making\ncapitalization style changes during CSS parsing. This can cause a crash that is\npotentially exploitable.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1576",
                    "reference_id": "CVE-2014-1576",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1576"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-75",
                    "reference_id": "mfsa2014-75",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-75"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1150?format=api",
                    "purl": "pkg:mozilla/Firefox@33.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@33.0.0"
                }
            ],
            "aliases": [
                "CVE-2014-1576"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4r3z-auuz-sbez"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2751?format=api",
            "vulnerability_id": "VCID-8gjw-35z7-wyeg",
            "summary": "Security researcher regenrecht reported, via TippingPoint's\nZero Day Initiative, a use-after-free during text layout when interacting with\ntext direction. This results in a crash which can lead to arbitrary code\nexecution. \nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1581",
                    "reference_id": "CVE-2014-1581",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1581"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-79",
                    "reference_id": "mfsa2014-79",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-79"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1150?format=api",
                    "purl": "pkg:mozilla/Firefox@33.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@33.0.0"
                }
            ],
            "aliases": [
                "CVE-2014-1581"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8gjw-35z7-wyeg"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2766?format=api",
            "vulnerability_id": "VCID-c9de-9rrf-u7dk",
            "summary": "Mozilla developer Boris Zbarsky reported that a malicious app could use the AlarmAPI to read the values of cross-origin references, such as an iframe's location object, as part of an alarm's JSON data. This allows a malicious app to bypass same-origin policy.\nUsers are only at risk for this issue if a web app has been installed.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1583",
                    "reference_id": "CVE-2014-1583",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1583"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-82",
                    "reference_id": "mfsa2014-82",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-82"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1150?format=api",
                    "purl": "pkg:mozilla/Firefox@33.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@33.0.0"
                }
            ],
            "aliases": [
                "CVE-2014-1583"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c9de-9rrf-u7dk"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2698?format=api",
            "vulnerability_id": "VCID-emcx-au3v-gbcf",
            "summary": "Google security researcher Michal Zalewski reported that\nwhen a malformed GIF image is repeatedly rendered within a\n<canvas> element, memory may not always be properly\ninitialized. The resulting series of images then uses this uninitialized memory\nduring rendering, allowing data to potentially leak to web content.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1580",
                    "reference_id": "CVE-2014-1580",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1580"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-78",
                    "reference_id": "mfsa2014-78",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-78"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1150?format=api",
                    "purl": "pkg:mozilla/Firefox@33.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@33.0.0"
                }
            ],
            "aliases": [
                "CVE-2014-1580"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-emcx-au3v-gbcf"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2692?format=api",
            "vulnerability_id": "VCID-j7uq-j289-zyff",
            "summary": "Using the Address Sanitizer tool, security researcher Abhishek\nArya (Inferno) of the Google Chrome Security Team found an\nout-of-bounds write when buffering WebM format video containing frames with\ninvalid tile sizes. This can lead to a potentially exploitable crash during WebM\nvideo playback.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1578",
                    "reference_id": "CVE-2014-1578",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1578"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-77",
                    "reference_id": "mfsa2014-77",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-77"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1150?format=api",
                    "purl": "pkg:mozilla/Firefox@33.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@33.0.0"
                }
            ],
            "aliases": [
                "CVE-2014-1578"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j7uq-j289-zyff"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2703?format=api",
            "vulnerability_id": "VCID-rd9r-695j-duff",
            "summary": "Security researcher Holger Fuhrmannek used the used the\nAddress Sanitizer tool to discover an out-of-bounds read issue with Web Audio\nwhen interacting with custom waveforms with invalid values. This results in a\ncrash and could allow for the reading of random memory which may contain\nsensitive data, or of memory addresses that could be used in combination with\nanother bug.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1577",
                    "reference_id": "CVE-2014-1577",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1577"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-76",
                    "reference_id": "mfsa2014-76",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-76"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1150?format=api",
                    "purl": "pkg:mozilla/Firefox@33.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@33.0.0"
                }
            ],
            "aliases": [
                "CVE-2014-1577"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rd9r-695j-duff"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2734?format=api",
            "vulnerability_id": "VCID-rtvj-tgwt-17d2",
            "summary": "Mozilla developers Eric Shepherd and Jan-Ivar\nBruaroey reported issues with privacy and video sharing using WebRTC.\nOnce video sharing has started within a WebRTC session running within an\n<iframe>, video will continue to be shared even if the user\nselects the &quote;Stop Sharing\" button in the controls. The camera will\nalso remain on even if the user navigates to another site and will begin\nstreaming again if the user returns to the original site. This is a privacy\nproblem and can lead to inadvertent video streaming. This does not affect\nimplementations that are not within an <iframe>.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1585",
                    "reference_id": "CVE-2014-1585",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1585"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-81",
                    "reference_id": "mfsa2014-81",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "none",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-81"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1150?format=api",
                    "purl": "pkg:mozilla/Firefox@33.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@33.0.0"
                }
            ],
            "aliases": [
                "CVE-2014-1585"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rtvj-tgwt-17d2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2760?format=api",
            "vulnerability_id": "VCID-xw7d-ecvh-1ff8",
            "summary": "Mozilla developers and community identified and fixed several\nmemory safety bugs in the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a risk in\nbrowser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1574",
                    "reference_id": "CVE-2014-1574",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1574"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-74",
                    "reference_id": "mfsa2014-74",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-74"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1150?format=api",
                    "purl": "pkg:mozilla/Firefox@33.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@33.0.0"
                }
            ],
            "aliases": [
                "CVE-2014-1574"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xw7d-ecvh-1ff8"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2785?format=api",
            "vulnerability_id": "VCID-yu4n-6wqb-ufeu",
            "summary": "Mozilla developer Patrick McManus reported a method to use\nSPDY or HTTP/2 connection coalescing to bypass key pinning on different sites\nthat resolve to the same IP address.This could allow the use of a fraudulent certificate when a saved pin for that subdomain should have prevented the connection. This leads to possible man-in-the-middle attacks if an attacker has control of the DNS connection and the ability to obtain a fraudulent certificate that browsers would accept in the absence of the pin.\nMozilla security engineer David Keeler discovered that when\nthere are specific problems verifying the issuer of an SSL certificate, the\nchecks necessary for key pinning would not be run. As a result, the user is then\npresented with the \"Untrusted Connection\" error page, which they can use to bypass the key pinning process on a site that should be pinned. This error message is always shown to the user and cannot be used to silently bypass key pinning on affected sites.\nKey pinning was first introduced in Firefox 32 and currently only covers a small number of built-in sites.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1582",
                    "reference_id": "CVE-2014-1582",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1582"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-80",
                    "reference_id": "mfsa2014-80",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "none",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-80"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1150?format=api",
                    "purl": "pkg:mozilla/Firefox@33.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@33.0.0"
                }
            ],
            "aliases": [
                "CVE-2014-1582"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yu4n-6wqb-ufeu"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@33.0.0"
}