Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1190?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1190?format=api", "purl": "pkg:mozilla/SeaMonkey@2.2.0", "type": "mozilla", "namespace": "", "name": "SeaMonkey", "version": "2.2.0", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.3.0", "latest_non_vulnerable_version": "2.38.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2902?format=api", "vulnerability_id": "VCID-2atj-k716-gqee", "summary": "Security researcher Mario Heiderich reported that\nHTML-encoded entities were being improperly decoded when displayed\ninside SVG elements. This could lead to XSS attacks on sites relying\non HTML encoding of user-supplied content.The inline SVG feature was introduced in the browser engine used\nby Firefox 4 and SeaMonkey 2.1; the vulnerability does not affect earlier versions.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2369", "reference_id": "CVE-2011-2369", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2369" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-27", "reference_id": "mfsa2011-27", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-27" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1190?format=api", "purl": "pkg:mozilla/SeaMonkey@2.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.2.0" } ], "aliases": [ "CVE-2011-2369" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2atj-k716-gqee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2875?format=api", "vulnerability_id": "VCID-4w5f-1eqf-27gk", "summary": "Mozilla security researcher Christoph Diehl reported two\ncrashes in WebGL code. One crash was the result of an out-of-bounds\nread and could be used to read data from other processes who had\nstored data in the GPU. The severity of this issue was determined to\nbe high. The second crash was the result of an invalid write and could\nbe used to execute arbitrary code. The severity of this issue was\ndetermined to be critical.The WebGL functionality was introduced in the browser engine used\nby Firefox 4 and SeaMonkey 2.1; the vulnerability does not affect earlier versions.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2367", "reference_id": "CVE-2011-2367", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2367" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-26", "reference_id": "mfsa2011-26", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-26" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1190?format=api", "purl": "pkg:mozilla/SeaMonkey@2.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.2.0" } ], "aliases": [ "CVE-2011-2367" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4w5f-1eqf-27gk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2865?format=api", "vulnerability_id": "VCID-9ch7-anjv-tubq", "summary": "Security research firm Context IS discovered that\nan image from a different domain could be loaded into a WebGL texture,\nand then each pixel could be rendered into a canvas element with a\nshader program, creating an approximation of the image in a form that\nwas readable by the creator of the WebGL texture. This could be used\nto steal image data from a different site and is considered a\nviolation of the same-origin policy.The WebGL functionality was introduced in the browser engine used\nby Firefox 4 and SeaMonkey 2.1; the vulnerability does not affect earlier versions.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2366", "reference_id": "CVE-2011-2366", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2366" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-25", "reference_id": "mfsa2011-25", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-25" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1190?format=api", "purl": "pkg:mozilla/SeaMonkey@2.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.2.0" } ], "aliases": [ "CVE-2011-2366" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9ch7-anjv-tubq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2831?format=api", "vulnerability_id": "VCID-9u32-fj4a-hffq", "summary": "Security researcher Martin Barbella reported that\nunder certain conditions, viewing a XUL document while JavaScript was\ndisabled caused deleted memory to be accessed. This flaw could\npotentially be used by an attacker to crash a victim's browser and run\narbitrary code on their computer.XUL document support was disabled by default in\nFirefox 4 and SeaMonkey 2.1 and users of those versions are not generally\nat risk. It is possible for add-ons to re-enable the feature for specific\nsites (for example, to support a legacy intranet XUL application) which would\nhave introduced this vulnerability while browsing those sites.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2373", "reference_id": "CVE-2011-2373", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2373" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-20", "reference_id": "mfsa2011-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-20" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1190?format=api", "purl": "pkg:mozilla/SeaMonkey@2.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.2.0" } ], "aliases": [ "CVE-2011-2373" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9u32-fj4a-hffq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2866?format=api", "vulnerability_id": "VCID-k5t5-zv4u-w7am", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2374", "reference_id": "CVE-2011-2374", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2374" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19", "reference_id": "mfsa2011-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-19" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1190?format=api", "purl": "pkg:mozilla/SeaMonkey@2.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.2.0" } ], "aliases": [ "CVE-2011-2374" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k5t5-zv4u-w7am" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2799?format=api", "vulnerability_id": "VCID-s7bu-gy24-sudx", "summary": "Security researcher Jordi Chancel reported a crash\non multipart/x-mixed-replace images due to memory\ncorruption.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2377", "reference_id": "CVE-2011-2377", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2377" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-21", "reference_id": "mfsa2011-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-21" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1190?format=api", "purl": "pkg:mozilla/SeaMonkey@2.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.2.0" } ], "aliases": [ "CVE-2011-2377" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s7bu-gy24-sudx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2877?format=api", "vulnerability_id": "VCID-sgkt-a1hx-cyas", "summary": "Security researchers Chris Rohlf and Yan\nIvnitskiy of Matasano Security reported that when a\nJavaScript Array object had its length set to an\nextremely large value, the iteration of array elements that occurs\nwhen its reduceRight method was subsequently called could\nresult in the execution of attacker controlled memory due to an\ninvalid index value being used to access element properties.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2371", "reference_id": "CVE-2011-2371", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2371" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-22", "reference_id": "mfsa2011-22", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-22" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1190?format=api", "purl": "pkg:mozilla/SeaMonkey@2.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.2.0" } ], "aliases": [ "CVE-2011-2371" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sgkt-a1hx-cyas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2900?format=api", "vulnerability_id": "VCID-vp8w-pvrp-7kfn", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat it was possible for a non-whitelisted site to trigger an install\ndialog for add-ons and themes.This vulnerability was introduced in the browser engine used\nby Firefox 4 and SeaMonkey 2.1; it does not affect earlier versions.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2370", "reference_id": "CVE-2011-2370", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2370" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-28", "reference_id": "mfsa2011-28", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1190?format=api", "purl": "pkg:mozilla/SeaMonkey@2.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.2.0" } ], "aliases": [ "CVE-2011-2370" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vp8w-pvrp-7kfn" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.2.0" }