Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1193?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1193?format=api", "purl": "pkg:mozilla/Firefox@3.5.19", "type": "mozilla", "namespace": "", "name": "Firefox", "version": "3.5.19", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3.6.0", "latest_non_vulnerable_version": "151.0.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2800?format=api", "vulnerability_id": "VCID-5p5c-wgaj-nybv", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0079", "reference_id": "CVE-2011-0079", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0079" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12", "reference_id": "mfsa2011-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-12" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1193?format=api", "purl": "pkg:mozilla/Firefox@3.5.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/1192?format=api", "purl": "pkg:mozilla/Firefox@3.6.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/1191?format=api", "purl": "pkg:mozilla/Firefox@4.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@4.0.1" } ], "aliases": [ "CVE-2011-0079" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5p5c-wgaj-nybv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2859?format=api", "vulnerability_id": "VCID-7e5b-9pc6-ybey", "summary": "Security researcher Paul Stone reported that a\nJava applet could be used to mimic interaction with form autocomplete\ncontrols and steal entries from the form history.Firefox 4 was not affected by this issue.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0067", "reference_id": "CVE-2011-0067", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0067" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-14", "reference_id": "mfsa2011-14", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-14" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1193?format=api", "purl": "pkg:mozilla/Firefox@3.5.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/1192?format=api", "purl": "pkg:mozilla/Firefox@3.6.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.17" } ], "aliases": [ "CVE-2011-0067" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7e5b-9pc6-ybey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2881?format=api", "vulnerability_id": "VCID-a391-hcqz-p3ax", "summary": "Security researcher regenrecht reported several\ndangling pointer vulnerabilities via TippingPoint's Zero Day\nInitiative.Firefox 4 was not affected by these issues.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0065", "reference_id": "CVE-2011-0065", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0065" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-13", "reference_id": "mfsa2011-13", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-13" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1193?format=api", "purl": "pkg:mozilla/Firefox@3.5.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/1192?format=api", "purl": "pkg:mozilla/Firefox@3.6.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.17" } ], "aliases": [ "CVE-2011-0065" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a391-hcqz-p3ax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2810?format=api", "vulnerability_id": "VCID-cy77-z9ha-vfeg", "summary": "David Remahl of Apple Product Security reported\nthat the Java Embedding Plugin (JEP) shipped with the Mac OS X versions\nof Firefox could be exploited to obtain elevated access to resources on\na user's system.Firefox 4 was not affected by this issue.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0076", "reference_id": "CVE-2011-0076", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0076" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-15", "reference_id": "mfsa2011-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-15" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1193?format=api", "purl": "pkg:mozilla/Firefox@3.5.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/1192?format=api", "purl": "pkg:mozilla/Firefox@3.6.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.17" } ], "aliases": [ "CVE-2011-0076" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cy77-z9ha-vfeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2891?format=api", "vulnerability_id": "VCID-jmw4-gesh-4bfj", "summary": "Chris Evans of the Chrome Security Team reported\nthat the XSLT generate-id() function returned a string that revealed\na specific valid address of an object on the memory heap. It is possible\nthat in some cases this address would be valuable information that could\nbe used by an attacker while exploiting a different memory corruption\nbut, in order to make an exploit more reliable or work around mitigation\nfeatures in the browser or operating system.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202", "reference_id": "CVE-2011-1202", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-18", "reference_id": "mfsa2011-18", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-18" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1193?format=api", "purl": "pkg:mozilla/Firefox@3.5.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/1192?format=api", "purl": "pkg:mozilla/Firefox@3.6.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/1191?format=api", "purl": "pkg:mozilla/Firefox@4.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@4.0.1" } ], "aliases": [ "CVE-2011-1202" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jmw4-gesh-4bfj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2851?format=api", "vulnerability_id": "VCID-ubew-6znz-akgq", "summary": "Security researcher Soroush Dalili reported that\nthe resource: protocol could be exploited to allow directory traversal\non Windows and the potential loading of resources from non-permitted\nlocations. The impact would depend on whether interesting files existed\nin predictable locations in a useful format. For example, the existence\nor non-existence of particular images might indicate whether certain\nsoftware was installed.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0071", "reference_id": "CVE-2011-0071", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0071" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-16", "reference_id": "mfsa2011-16", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-16" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1193?format=api", "purl": "pkg:mozilla/Firefox@3.5.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/1192?format=api", "purl": "pkg:mozilla/Firefox@3.6.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.17" } ], "aliases": [ "CVE-2011-0071" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ubew-6znz-akgq" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.19" }