Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1191?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1191?format=api", "purl": "pkg:mozilla/Firefox@4.0.1", "type": "mozilla", "namespace": "", "name": "Firefox", "version": "4.0.1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "5.0.0", "latest_non_vulnerable_version": "151.0.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2800?format=api", "vulnerability_id": "VCID-5p5c-wgaj-nybv", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0079", "reference_id": "CVE-2011-0079", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0079" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1193?format=api", "purl": "pkg:mozilla/Firefox@3.5.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/1192?format=api", "purl": "pkg:mozilla/Firefox@3.6.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/1191?format=api", "purl": "pkg:mozilla/Firefox@4.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@4.0.1" } ], "aliases": [ "CVE-2011-0079" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5p5c-wgaj-nybv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2857?format=api", "vulnerability_id": "VCID-atu4-drfd-u3cb", "summary": "Two crashes that could potentially be exploited to run malicious\ncode were found in the WebGL feature and fixed in Firefox 4.0.1.\nIn addition the WebGLES libraries could potentially be used to bypass\na security feature of recent Windows versions. The WebGL feature was\nintroduced in Firefox 4; older versions are not affected by these issues.Nils reported that the WebGLES libraries in the Windows\nversion of Firefox were compiled without ASLR protection. An attacker who\nfound an exploitable memory corruption flaw could then use these libraries\nto bypass ASLR on Windows Vista and Windows 7, making the flaw as exploitable\non those platforms as it would be on Windows XP or other platforms.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1302", "reference_id": "CVE-2011-1302", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1302" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-17", "reference_id": "mfsa2011-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1191?format=api", "purl": "pkg:mozilla/Firefox@4.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@4.0.1" } ], "aliases": [ "CVE-2011-1302" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-atu4-drfd-u3cb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2891?format=api", "vulnerability_id": "VCID-jmw4-gesh-4bfj", "summary": "Chris Evans of the Chrome Security Team reported\nthat the XSLT generate-id() function returned a string that revealed\na specific valid address of an object on the memory heap. It is possible\nthat in some cases this address would be valuable information that could\nbe used by an attacker while exploiting a different memory corruption\nbut, in order to make an exploit more reliable or work around mitigation\nfeatures in the browser or operating system.", "references": [ { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617413", "reference_id": "617413", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617413" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202", "reference_id": "CVE-2011-1202", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-18", "reference_id": "mfsa2011-18", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-18" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1193?format=api", "purl": "pkg:mozilla/Firefox@3.5.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/1192?format=api", "purl": "pkg:mozilla/Firefox@3.6.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/1191?format=api", "purl": "pkg:mozilla/Firefox@4.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@4.0.1" } ], "aliases": [ "CVE-2011-1202" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jmw4-gesh-4bfj" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@4.0.1" }