Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1200?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1200?format=api", "purl": "pkg:mozilla/SeaMonkey@2.0.12", "type": "mozilla", "namespace": "", "name": "SeaMonkey", "version": "2.0.12", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.0.14", "latest_non_vulnerable_version": "2.38.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2897?format=api", "vulnerability_id": "VCID-5268-56yp-tfb7", "summary": "Security researcher Christian Holler reported that\nthe JavaScript engine's internal memory mapping of non-local JS\nvariables contained a buffer overflow which could potentially be used\nby an attacker to run arbitrary code on a victim's computer.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0054", "reference_id": "CVE-2011-0054", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0054" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-04", "reference_id": "mfsa2011-04", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1200?format=api", "purl": "pkg:mozilla/SeaMonkey@2.0.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.12" } ], "aliases": [ "CVE-2011-0054" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5268-56yp-tfb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2812?format=api", "vulnerability_id": "VCID-5qnz-z32b-67hs", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0053", "reference_id": "CVE-2011-0053", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0053" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-01", "reference_id": "mfsa2011-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1200?format=api", "purl": "pkg:mozilla/SeaMonkey@2.0.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.12" } ], "aliases": [ "CVE-2011-0053" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5qnz-z32b-67hs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2864?format=api", "vulnerability_id": "VCID-7rwb-wtw8-wqhz", "summary": "Independent security researcher Kuza55 and\nMicrosoft security researcher Tom Gallagher reported\nthat when plugin-initiated requests receive a 307 redirect response,\nthe plugin is not notified and the request is forwarded to the new\nlocation. This is true even for cross-site redirects, so any custom\nheaders that were added as part of the initial request would be\nforwarded intact across origins. This poses a CSRF risk for web\napplications that rely on custom headers only being present in\nrequests from their own origin.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0059", "reference_id": "CVE-2011-0059", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0059" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-10", "reference_id": "mfsa2011-10", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-10" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1200?format=api", "purl": "pkg:mozilla/SeaMonkey@2.0.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.12" } ], "aliases": [ "CVE-2011-0059" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7rwb-wtw8-wqhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2830?format=api", "vulnerability_id": "VCID-acdp-mkw5-nkcc", "summary": "Alex Miller reported that when very long strings\nwere constructed and inserted into an HTML document, the browser would\nincorrectly construct the layout objects used to display the text.\nUnder such conditions an incorrect length would be calculated for a\ntext run resulting in too small of a memory buffer being allocated to\nstore the text. This issue could be used by an attacker to write data\npast the end of the buffer and execute malicious code on a victim's\ncomputer.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0058", "reference_id": "CVE-2011-0058", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0058" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-07", "reference_id": "mfsa2011-07", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-07" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1200?format=api", "purl": "pkg:mozilla/SeaMonkey@2.0.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.12" } ], "aliases": [ "CVE-2011-0058" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-acdp-mkw5-nkcc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2896?format=api", "vulnerability_id": "VCID-akcd-7vmy-2ubj", "summary": "Security researcher Zach Hoffman reported that a\nrecursive call to eval() wrapped in\na try/catch statement places the browser into a\ninconsistent state. Any dialog box opened in this state is displayed\nwithout text and with non-functioning buttons. Closing the window\ncauses the dialog to evaluate to true. An attacker could use this\nissue to force a user into accepting any dialog, such as one granting\nelevated privileges to the page presenting the dialog.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0051", "reference_id": "CVE-2011-0051", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0051" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-02", "reference_id": "mfsa2011-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1200?format=api", "purl": "pkg:mozilla/SeaMonkey@2.0.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.12" } ], "aliases": [ "CVE-2011-0051" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-akcd-7vmy-2ubj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2899?format=api", "vulnerability_id": "VCID-aptj-btqv-2ygb", "summary": "Security researcher Roberto Suggi Liverani\nreported that ParanoidFragmentSink, a class used to\nsanitize potentially unsafe HTML for display,\nallows javascript: URLs and other inline JavaScript when\nthe embedding document is a chrome document. While there are no\nunsafe uses of this class in any released products, extension code\ncould have potentially used it in an unsafe manner.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1585", "reference_id": "CVE-2010-1585", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1585" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-08", "reference_id": "mfsa2011-08", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-08" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1200?format=api", "purl": "pkg:mozilla/SeaMonkey@2.0.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.12" } ], "aliases": [ "CVE-2010-1585" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aptj-btqv-2ygb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2889?format=api", "vulnerability_id": "VCID-aqsc-b3nk-9kb4", "summary": "Security researcher Christian Holler reported that\nthe JavaScript engine's internal mapping of string values contained an\nerror in cases where the number of values being stored was above 64K.\nIn such cases an offset pointer was manually moved forwards and\nbackwards to access the larger address space. If an exception was\nthrown between the time that the offset pointer was moved forward and\nthe time it was reset, then the exception object would be read from an\ninvalid memory address, potentially executing attacker-controlled\nmemory.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0056", "reference_id": "CVE-2011-0056", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0056" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-05", "reference_id": "mfsa2011-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-05" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1200?format=api", "purl": "pkg:mozilla/SeaMonkey@2.0.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.12" } ], "aliases": [ "CVE-2011-0056" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aqsc-b3nk-9kb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2849?format=api", "vulnerability_id": "VCID-cqbd-xw64-jqak", "summary": "Daniel Kozlowski reported that a\nJavaScript Worker could be used to keep a reference to an\nobject that could be freed during garbage collection. Subsequent\ncalls through this deleted reference could cause attacker-controlled\nmemory to be executed on a victim's computer.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0057", "reference_id": "CVE-2011-0057", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0057" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-06", "reference_id": "mfsa2011-06", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-06" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1200?format=api", "purl": "pkg:mozilla/SeaMonkey@2.0.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.12" } ], "aliases": [ "CVE-2011-0057" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cqbd-xw64-jqak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2872?format=api", "vulnerability_id": "VCID-wax4-bwfb-v3ff", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that a method used\nby JSON.stringify contained a use-after-free error in\nwhich a currently in-use pointer was freed and subsequently\ndereferenced. This could lead to arbitrary code execution if an\nattacker was able to store malicious code in the freed section of\nmemory.Mozilla developer Igor Bukanov also independently\ndiscovered and reported this issue two weeks after the initial\nreport was received.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0055", "reference_id": "CVE-2011-0055", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0055" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-03", "reference_id": "mfsa2011-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1200?format=api", "purl": "pkg:mozilla/SeaMonkey@2.0.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.12" } ], "aliases": [ "CVE-2011-0055" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wax4-bwfb-v3ff" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.12" }