Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1192?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1192?format=api", "purl": "pkg:mozilla/Firefox@3.6.17", "type": "mozilla", "namespace": "", "name": "Firefox", "version": "3.6.17", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3.6.18", "latest_non_vulnerable_version": "151.0.3", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2800?format=api", "vulnerability_id": "VCID-5p5c-wgaj-nybv", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0079", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06848", "scoring_system": "epss", "scoring_elements": "0.91516", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0079", "reference_id": "CVE-2011-0079", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0079" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1193?format=api", "purl": "pkg:mozilla/Firefox@3.5.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/1192?format=api", "purl": "pkg:mozilla/Firefox@3.6.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/1191?format=api", "purl": "pkg:mozilla/Firefox@4.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@4.0.1" } ], "aliases": [ "CVE-2011-0079" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5p5c-wgaj-nybv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2859?format=api", "vulnerability_id": "VCID-7e5b-9pc6-ybey", "summary": "Security researcher Paul Stone reported that a\nJava applet could be used to mimic interaction with form autocomplete\ncontrols and steal entries from the form history.Firefox 4 was not affected by this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0067.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0067.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0067", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0052", "scoring_system": "epss", "scoring_elements": "0.67178", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0067" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700644", "reference_id": "700644", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700644" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0067", "reference_id": "CVE-2011-0067", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0067" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-14", "reference_id": "mfsa2011-14", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1193?format=api", "purl": "pkg:mozilla/Firefox@3.5.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/1192?format=api", "purl": "pkg:mozilla/Firefox@3.6.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.17" } ], "aliases": [ "CVE-2011-0067" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7e5b-9pc6-ybey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2881?format=api", "vulnerability_id": "VCID-a391-hcqz-p3ax", "summary": "Security researcher regenrecht reported several\ndangling pointer vulnerabilities via TippingPoint's Zero Day\nInitiative.Firefox 4 was not affected by these issues.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0065.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0065.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0065", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.83259", "scoring_system": "epss", "scoring_elements": "0.99284", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0065" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700658", "reference_id": "700658", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0065", "reference_id": "CVE-2011-0065", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0065" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/osx/remote/18377.rb", "reference_id": "CVE-2011-0065;OSVDB-72085", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/osx/remote/18377.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17612.rb", "reference_id": "CVE-2011-0065;OSVDB-72085", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17612.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17650.rb", "reference_id": "CVE-2011-0065;OSVDB-72085", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17650.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17672.html", "reference_id": "CVE-2011-0065;OSVDB-72085", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/17672.html" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-13", "reference_id": "mfsa2011-13", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1193?format=api", "purl": "pkg:mozilla/Firefox@3.5.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/1192?format=api", "purl": "pkg:mozilla/Firefox@3.6.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.17" } ], "aliases": [ "CVE-2011-0065" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a391-hcqz-p3ax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2810?format=api", "vulnerability_id": "VCID-cy77-z9ha-vfeg", "summary": "David Remahl of Apple Product Security reported\nthat the Java Embedding Plugin (JEP) shipped with the Mac OS X versions\nof Firefox could be exploited to obtain elevated access to resources on\na user's system.Firefox 4 was not affected by this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0076", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60429", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0076" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0076", "reference_id": "CVE-2011-0076", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0076" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-15", "reference_id": "mfsa2011-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-15" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1193?format=api", "purl": "pkg:mozilla/Firefox@3.5.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/1192?format=api", "purl": "pkg:mozilla/Firefox@3.6.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.17" } ], "aliases": [ "CVE-2011-0076" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cy77-z9ha-vfeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2891?format=api", "vulnerability_id": "VCID-jmw4-gesh-4bfj", "summary": "Chris Evans of the Chrome Security Team reported\nthat the XSLT generate-id() function returned a string that revealed\na specific valid address of an object on the memory heap. It is possible\nthat in some cases this address would be valuable information that could\nbe used by an attacker while exploiting a different memory corruption\nbut, in order to make an exploit more reliable or work around mitigation\nfeatures in the browser or operating system.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1202.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1202.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1202", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00644", "scoring_system": "epss", "scoring_elements": "0.71052", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1202" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617413", "reference_id": "617413", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617413" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=684386", "reference_id": "684386", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=684386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202", "reference_id": "CVE-2011-1202", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-18", "reference_id": "mfsa2011-18", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-18" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1265", "reference_id": "RHSA-2012:1265", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1265" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1193?format=api", "purl": "pkg:mozilla/Firefox@3.5.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/1192?format=api", "purl": "pkg:mozilla/Firefox@3.6.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/1191?format=api", "purl": "pkg:mozilla/Firefox@4.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@4.0.1" } ], "aliases": [ "CVE-2011-1202" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jmw4-gesh-4bfj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2851?format=api", "vulnerability_id": "VCID-ubew-6znz-akgq", "summary": "Security researcher Soroush Dalili reported that\nthe resource: protocol could be exploited to allow directory traversal\non Windows and the potential loading of resources from non-permitted\nlocations. The impact would depend on whether interesting files existed\nin predictable locations in a useful format. For example, the existence\nor non-existence of particular images might indicate whether certain\nsoftware was installed.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0071.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0071.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0071", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01674", "scoring_system": "epss", "scoring_elements": "0.82482", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0071" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=700635", "reference_id": "700635", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=700635" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0071", "reference_id": "CVE-2011-0071", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0071" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-16", "reference_id": "mfsa2011-16", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-16" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0471", "reference_id": "RHSA-2011:0471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0475", "reference_id": "RHSA-2011:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0475" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1193?format=api", "purl": "pkg:mozilla/Firefox@3.5.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/1192?format=api", "purl": "pkg:mozilla/Firefox@3.6.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.17" } ], "aliases": [ "CVE-2011-0071" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ubew-6znz-akgq" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.17" }