Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1152?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1152?format=api", "purl": "pkg:mozilla/Thunderbird@31.2.0", "type": "mozilla", "namespace": "", "name": "Thunderbird", "version": "31.2.0", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "31.3.0", "latest_non_vulnerable_version": "151.0.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2736?format=api", "vulnerability_id": "VCID-4r3z-auuz-sbez", "summary": "Using the Address Sanitizer tool, security researcher Atte\nKettunen from OUSPG discovered a buffer overflow when making\ncapitalization style changes during CSS parsing. This can cause a crash that is\npotentially exploitable.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1576", "reference_id": "CVE-2014-1576", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1576" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-75", "reference_id": "mfsa2014-75", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-75" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1152?format=api", "purl": "pkg:mozilla/Thunderbird@31.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@31.2.0" } ], "aliases": [ "CVE-2014-1576" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4r3z-auuz-sbez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2751?format=api", "vulnerability_id": "VCID-8gjw-35z7-wyeg", "summary": "Security researcher regenrecht reported, via TippingPoint's\nZero Day Initiative, a use-after-free during text layout when interacting with\ntext direction. This results in a crash which can lead to arbitrary code\nexecution. \nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1581", "reference_id": "CVE-2014-1581", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1581" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-79", "reference_id": "mfsa2014-79", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-79" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1152?format=api", "purl": "pkg:mozilla/Thunderbird@31.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@31.2.0" } ], "aliases": [ "CVE-2014-1581" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8gjw-35z7-wyeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2692?format=api", "vulnerability_id": "VCID-j7uq-j289-zyff", "summary": "Using the Address Sanitizer tool, security researcher Abhishek\nArya (Inferno) of the Google Chrome Security Team found an\nout-of-bounds write when buffering WebM format video containing frames with\ninvalid tile sizes. This can lead to a potentially exploitable crash during WebM\nvideo playback.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1578", "reference_id": "CVE-2014-1578", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1578" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-77", "reference_id": "mfsa2014-77", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-77" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1152?format=api", "purl": "pkg:mozilla/Thunderbird@31.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@31.2.0" } ], "aliases": [ "CVE-2014-1578" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j7uq-j289-zyff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2703?format=api", "vulnerability_id": "VCID-rd9r-695j-duff", "summary": "Security researcher Holger Fuhrmannek used the used the\nAddress Sanitizer tool to discover an out-of-bounds read issue with Web Audio\nwhen interacting with custom waveforms with invalid values. This results in a\ncrash and could allow for the reading of random memory which may contain\nsensitive data, or of memory addresses that could be used in combination with\nanother bug.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1577", "reference_id": "CVE-2014-1577", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1577" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-76", "reference_id": "mfsa2014-76", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-76" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1152?format=api", "purl": "pkg:mozilla/Thunderbird@31.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@31.2.0" } ], "aliases": [ "CVE-2014-1577" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rd9r-695j-duff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2734?format=api", "vulnerability_id": "VCID-rtvj-tgwt-17d2", "summary": "Mozilla developers Eric Shepherd and Jan-Ivar\nBruaroey reported issues with privacy and video sharing using WebRTC.\nOnce video sharing has started within a WebRTC session running within an\n<iframe>, video will continue to be shared even if the user\nselects the "e;Stop Sharing\" button in the controls. The camera will\nalso remain on even if the user navigates to another site and will begin\nstreaming again if the user returns to the original site. This is a privacy\nproblem and can lead to inadvertent video streaming. This does not affect\nimplementations that are not within an <iframe>.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1585", "reference_id": "CVE-2014-1585", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1585" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-81", "reference_id": "mfsa2014-81", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-81" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1152?format=api", "purl": "pkg:mozilla/Thunderbird@31.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@31.2.0" } ], "aliases": [ "CVE-2014-1585" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rtvj-tgwt-17d2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2760?format=api", "vulnerability_id": "VCID-xw7d-ecvh-1ff8", "summary": "Mozilla developers and community identified and fixed several\nmemory safety bugs in the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1574", "reference_id": "CVE-2014-1574", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1574" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-74", "reference_id": "mfsa2014-74", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-74" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1152?format=api", "purl": "pkg:mozilla/Thunderbird@31.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@31.2.0" } ], "aliases": [ "CVE-2014-1574" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xw7d-ecvh-1ff8" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@31.2.0" }