Look up vulnerable packages by Package URL.

GET /api/packages/1155?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/1155?format=api",
    "purl": "pkg:mozilla/Seamonkey@2.25.0",
    "type": "mozilla",
    "namespace": "",
    "name": "Seamonkey",
    "version": "2.25.0",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": false,
    "next_non_vulnerable_version": "2.26.0",
    "latest_non_vulnerable_version": "2.31.0",
    "affected_by_vulnerabilities": [],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2708?format=api",
            "vulnerability_id": "VCID-2c8u-8fg3-bkg7",
            "summary": "Mozilla developer Ehsan Akhgari reported a spoofing attack\nwhere the permission prompt for a WebRTC session can appear to be from a\ndifferent site than its actual originating site if a timed navigation occurs\nduring the prompt generation. This allows an attacker to potentially gain access\nto the webcam or microphone by masquerading as another site and gaining user\npermission through spoofing.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1499",
                    "reference_id": "CVE-2014-1499",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1499"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-19",
                    "reference_id": "mfsa2014-19",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "none",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-19"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1155?format=api",
                    "purl": "pkg:mozilla/Seamonkey@2.25.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Seamonkey@2.25.0"
                }
            ],
            "aliases": [
                "CVE-2014-1499"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2c8u-8fg3-bkg7"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2721?format=api",
            "vulnerability_id": "VCID-5c7k-2w7y-53a4",
            "summary": "Security researcher Ash reported an issue where the\nextracted files for updates to existing files are not read only during the\nupdate process. This allows for the potential replacement or modification of\nthese files during the update process if a malicious application is present on\nthe local system.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1496",
                    "reference_id": "CVE-2014-1496",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1496"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-16",
                    "reference_id": "mfsa2014-16",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "none",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-16"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1155?format=api",
                    "purl": "pkg:mozilla/Seamonkey@2.25.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Seamonkey@2.25.0"
                }
            ],
            "aliases": [
                "CVE-2014-1496"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5c7k-2w7y-53a4"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2702?format=api",
            "vulnerability_id": "VCID-7txh-z3jm-eyen",
            "summary": "Mozilla developer David Keeler reported that the crypto.generateCRFMRequest method did not correctly validate the key type of the KeyParams argument when generating ec-dual-use requests. This could lead to a crash and a denial of service (DOS) attack.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1498",
                    "reference_id": "CVE-2014-1498",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1498"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-18",
                    "reference_id": "mfsa2014-18",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "low",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-18"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1155?format=api",
                    "purl": "pkg:mozilla/Seamonkey@2.25.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Seamonkey@2.25.0"
                }
            ],
            "aliases": [
                "CVE-2014-1498"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7txh-z3jm-eyen"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2731?format=api",
            "vulnerability_id": "VCID-8rk8-j7fe-vqe1",
            "summary": "Mozilla developer Jeff Gilbert discovered a mechanism where\na malicious site with WebGL content could inject content from its context to\nthat of another site's WebGL context, causing the second site to replace\ntextures and similar content. This cannot be used to steal data but could be\nused to render arbitrary content in these limited circumstances.\nIn general this flaw cannot be exploited through email in the\nSeamonkey product because WebGL is not enabled, but is potentially a risk in\nbrowser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1502",
                    "reference_id": "CVE-2014-1502",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1502"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-22",
                    "reference_id": "mfsa2014-22",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "none",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-22"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1155?format=api",
                    "purl": "pkg:mozilla/Seamonkey@2.25.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Seamonkey@2.25.0"
                }
            ],
            "aliases": [
                "CVE-2014-1502"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8rk8-j7fe-vqe1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2794?format=api",
            "vulnerability_id": "VCID-8wjb-buvs-tke7",
            "summary": "Security researcher Atte Kettunen from OUSPG reported an out of bounds read during the decoding of WAV format audio files for playback. This could allow web content access to heap data as well as causing a crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonkey products because audio is disabled, but is potentially a risk in browser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1497",
                    "reference_id": "CVE-2014-1497",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1497"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-17",
                    "reference_id": "mfsa2014-17",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-17"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1155?format=api",
                    "purl": "pkg:mozilla/Seamonkey@2.25.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Seamonkey@2.25.0"
                }
            ],
            "aliases": [
                "CVE-2014-1497"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8wjb-buvs-tke7"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2750?format=api",
            "vulnerability_id": "VCID-94k4-5f3a-dfdg",
            "summary": "Security researcher John Thomson discovered a memory\ncorruption in the Cairo graphics library during font rendering of a PDF file for\ndisplay. This memory corruption leads to a potentially exploitable crash and to\na denial of service (DOS). This issues is not able to be triggered in a default\nconfiguration and would require a malicious extension to be installed.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1509",
                    "reference_id": "CVE-2014-1509",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1509"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-27",
                    "reference_id": "mfsa2014-27",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "none",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-27"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1155?format=api",
                    "purl": "pkg:mozilla/Seamonkey@2.25.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Seamonkey@2.25.0"
                }
            ],
            "aliases": [
                "CVE-2014-1509"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-94k4-5f3a-dfdg"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2795?format=api",
            "vulnerability_id": "VCID-db6q-f9hh-cyhg",
            "summary": "Mozilla developers and community identified identified and fixed several\nmemory safety bugs in the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1493",
                    "reference_id": "CVE-2014-1493",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1493"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-15",
                    "reference_id": "mfsa2014-15",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-15"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1155?format=api",
                    "purl": "pkg:mozilla/Seamonkey@2.25.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Seamonkey@2.25.0"
                }
            ],
            "aliases": [
                "CVE-2014-1493"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-db6q-f9hh-cyhg"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2717?format=api",
            "vulnerability_id": "VCID-erzv-vmyb-zqe4",
            "summary": "Security researchers Tim Philipp Schäfers and\nSebastian Neef, the team of Internetwache.org, reported a\nmechanism using JavaScript onbeforeunload events with page\nnavigation to prevent users from closing a malicious page's tab and causing the\nbrowser to become unresponsive. This allows for a denial of service (DOS) attack\ndue to resource consumption and blocks the ability of users to exit the\napplication.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1500",
                    "reference_id": "CVE-2014-1500",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1500"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-20",
                    "reference_id": "mfsa2014-20",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "low",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-20"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1155?format=api",
                    "purl": "pkg:mozilla/Seamonkey@2.25.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Seamonkey@2.25.0"
                }
            ],
            "aliases": [
                "CVE-2014-1500"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-erzv-vmyb-zqe4"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2693?format=api",
            "vulnerability_id": "VCID-k8um-wsbq-eua7",
            "summary": "Security researcher Nicolas Golubovic reported that the\nContent Security Policy (CSP) of data: documents was not saved as\npart of session restore. If an attacker convinced a victim to open a document\nfrom a data: URL injected onto a page, this can lead to a\nCross-Site Scripting (XSS) attack. The target page may have a strict CSP that\nprotects against this XSS attack, but if the attacker induces a browser crash\nwith another bug, an XSS attack would occur during session restoration,\nbypassing the CSP on the site.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1504",
                    "reference_id": "CVE-2014-1504",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1504"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-23",
                    "reference_id": "mfsa2014-23",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "low",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-23"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1155?format=api",
                    "purl": "pkg:mozilla/Seamonkey@2.25.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Seamonkey@2.25.0"
                }
            ],
            "aliases": [
                "CVE-2014-1504"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k8um-wsbq-eua7"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2737?format=api",
            "vulnerability_id": "VCID-muhy-wae5-wyg7",
            "summary": "Security researcher Jüri Aedla, via TippingPoint's\nPwn2Own contest, reported that TypedArrayObject does not handle the\ncase where ArrayBuffer objects are neutered, setting their length\nto zero while still in use. This leads to out-of-bounds reads and writes into\nthe JavaScript heap, allowing for arbitrary code execution.\nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but is\npotentially a risk in browser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1513",
                    "reference_id": "CVE-2014-1513",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1513"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-31",
                    "reference_id": "mfsa2014-31",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-31"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1155?format=api",
                    "purl": "pkg:mozilla/Seamonkey@2.25.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Seamonkey@2.25.0"
                }
            ],
            "aliases": [
                "CVE-2014-1513"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-muhy-wae5-wyg7"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2791?format=api",
            "vulnerability_id": "VCID-myt3-8hgh-aqe7",
            "summary": "Security researcher George Hotz, via TippingPoint's Pwn2Own\ncontest, discovered an issue where values are copied from an array into a\nsecond, neutered array. This allows for an out-of-bounds write into memory,\ncausing an exploitable crash leading to arbitrary code execution.\nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but is\npotentially a risk in browser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1514",
                    "reference_id": "CVE-2014-1514",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1514"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-32",
                    "reference_id": "mfsa2014-32",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-32"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1155?format=api",
                    "purl": "pkg:mozilla/Seamonkey@2.25.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Seamonkey@2.25.0"
                }
            ],
            "aliases": [
                "CVE-2014-1514"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-myt3-8hgh-aqe7"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2790?format=api",
            "vulnerability_id": "VCID-p2cc-jfma-fbfz",
            "summary": "Mozilla developer Robert O'Callahan reported a mechanism for\ntiming attacks involving SVG filters and displacements input to\nfeDisplacementMap. This allows displacements to potentially be\ncorrelated with values derived from content. This is similar to the previously\nreported techniques used for SVG timing attacks and could allow for text values\nto be read across domains, leading to information disclosure.\nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but is\npotentially a risk in browser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1505",
                    "reference_id": "CVE-2014-1505",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1505"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-28",
                    "reference_id": "mfsa2014-28",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-28"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1155?format=api",
                    "purl": "pkg:mozilla/Seamonkey@2.25.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Seamonkey@2.25.0"
                }
            ],
            "aliases": [
                "CVE-2014-1505"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p2cc-jfma-fbfz"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2732?format=api",
            "vulnerability_id": "VCID-qw61-3bns-dbfv",
            "summary": "Security researcher Mariusz Mlynski, via TippingPoint's\nPwn2Own contest, reported that it is possible for untrusted web content to load\na chrome-privileged page by getting JavaScript-implemented WebIDL to call\nwindow.open(). A second bug allowed the bypassing of the\npopup-blocker without user interaction. Combined these two bugs allow an\nattacker to load a JavaScript URL that is executed with the full privileges of\nthe browser, which allows arbitrary code execution.\nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but is\npotentially a risk in browser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1510",
                    "reference_id": "CVE-2014-1510",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1510"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-29",
                    "reference_id": "mfsa2014-29",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-29"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1155?format=api",
                    "purl": "pkg:mozilla/Seamonkey@2.25.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Seamonkey@2.25.0"
                }
            ],
            "aliases": [
                "CVE-2014-1510"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qw61-3bns-dbfv"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2765?format=api",
            "vulnerability_id": "VCID-t6zv-bwtx-gbbd",
            "summary": "Security research firm VUPEN, via TippingPoint's Pwn2Own\ncontest, reported that memory pressure during Garbage Collection could lead to\nmemory corruption of TypeObjects in the JS engine, resulting in an exploitable\nuse-after-free condition.In general this flaw cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but is\npotentially a risk in browser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1512",
                    "reference_id": "CVE-2014-1512",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1512"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-30",
                    "reference_id": "mfsa2014-30",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-30"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1155?format=api",
                    "purl": "pkg:mozilla/Seamonkey@2.25.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Seamonkey@2.25.0"
                }
            ],
            "aliases": [
                "CVE-2014-1512"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t6zv-bwtx-gbbd"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2748?format=api",
            "vulnerability_id": "VCID-x6v1-mac8-13bz",
            "summary": "Security researchers Tyson Smith and Jesse\nSchwartzentruber of the BlackBerry Security Automated Analysis Team\nused the Address Sanitizer tool while fuzzing to discover an out-of-bounds read\nduring polygon rendering in MathML. This can allow web content to potentially\nread protected memory addresses. In combination with previous techniques used\nfor SVG timing attacks, this could allow for text values to be read across\ndomains, leading to information disclosure.\nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but is\npotentially a risk in browser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1508",
                    "reference_id": "CVE-2014-1508",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1508"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-26",
                    "reference_id": "mfsa2014-26",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-26"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1155?format=api",
                    "purl": "pkg:mozilla/Seamonkey@2.25.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Seamonkey@2.25.0"
                }
            ],
            "aliases": [
                "CVE-2014-1508"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x6v1-mac8-13bz"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Seamonkey@2.25.0"
}