Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/1219?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1219?format=api", "purl": "pkg:mozilla/Firefox@36.0.0", "type": "mozilla", "namespace": "", "name": "Firefox", "version": "36.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "36.0.3", "latest_non_vulnerable_version": "151.0.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3074?format=api", "vulnerability_id": "VCID-a8xq-rj1q-fbcx", "summary": "Security researcher Atte Kettunen used the Address Sanitizer\ntool to discover a crash while drawing images through the Cairo graphics library\nwhile using the DrawTarget function. This can result in a\nsegmentation fault due to zero-ing out of memory outside the bounds of the\nimage.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0824", "reference_id": "CVE-2015-0824", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0824" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-22", "reference_id": "mfsa2015-22", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-22" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1219?format=api", "purl": "pkg:mozilla/Firefox@36.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@36.0.0" } ], "aliases": [ "CVE-2015-0824" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a8xq-rj1q-fbcx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2912?format=api", "vulnerability_id": "VCID-acfd-3suf-mff4", "summary": "Security researcher 
Armin Ebert reported that opening\nhyperlinks on a page with the mouse and specific keyboard key combinations could\nallow a Chrome privileged URL to be opened without context restrictions being\npreserved. This could also allow for local files or resources from a known\nlocation to be opened with local privileges, bypassing security\nprotections.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0821", "reference_id": "CVE-2015-0821", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0821" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-25", "reference_id": "mfsa2015-25", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-25" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1219?format=api", "purl": "pkg:mozilla/Firefox@36.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@36.0.0" } ], "aliases": [ "CVE-2015-0821" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-acfd-3suf-mff4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2969?format=api", "vulnerability_id": "VCID-b9t4-78nq-jyeh", "summary": "Security researcher Paul Bandha used the Address\nSanitizer tool to discover a use-after-free vulnerability when running specific\nweb content with IndexedDB to create an index. 
This leads to a\npotentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0831", "reference_id": "CVE-2015-0831", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0831" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-16", "reference_id": "mfsa2015-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-16" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1219?format=api", "purl": "pkg:mozilla/Firefox@36.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@36.0.0" } ], "aliases": [ "CVE-2015-0831" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b9t4-78nq-jyeh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2998?format=api", "vulnerability_id": "VCID-bd32-947q-5ubf", "summary": "Security researcher Muneaki Nishimura reported that when\ncertificate pinning is set to \"strict\" mode, a period ('.') appended to a\nhostname in the address of a site allowed the bypass of key pinning (HPKP) and HTTP\nStrict Transport Security (HSTS). Sites with a period appended were treated as\nhaving a different origin than sites without the period. 
If an attacker had a\nsecurity certificate for a domain with the added period, this would allow for a\nMan-in-the-middle (MITM) attack on users.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0832", "reference_id": "CVE-2015-0832", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0832" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-13", "reference_id": "mfsa2015-13", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-13" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1219?format=api", "purl": "pkg:mozilla/Firefox@36.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@36.0.0" } ], "aliases": [ "CVE-2015-0832" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bd32-947q-5ubf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2986?format=api", "vulnerability_id": "VCID-bhca-uehd-27c2", "summary": "Security researcher Atte Kettunen used the Address Sanitizer\ntool to discover an out-of-bounds read during the application of restyling and\nreflowing changes of web content using CSS. 
This results in a potentially\nexploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0826", "reference_id": "CVE-2015-0826", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0826" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-20", "reference_id": "mfsa2015-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-20" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1219?format=api", "purl": "pkg:mozilla/Firefox@36.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@36.0.0" } ], "aliases": [ "CVE-2015-0826" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bhca-uehd-27c2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3089?format=api", "vulnerability_id": "VCID-btvm-4mn6-ybbb", "summary": "Security researcher Atte Kettunen used the Address Sanitizer\ntool to discover a buffer underflow during audio playback of a badly formatted\nMP3 audio file. 
Through memory allocation manipulation it may be possible to\nincorporate parts of Firefox memory into an MP3 stream accessible to scripts on\nthe page.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0825", "reference_id": "CVE-2015-0825", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0825" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-21", "reference_id": "mfsa2015-21", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-21" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1219?format=api", "purl": "pkg:mozilla/Firefox@36.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@36.0.0" } ], "aliases": [ "CVE-2015-0825" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-btvm-4mn6-ybbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3024?format=api", "vulnerability_id": "VCID-c3dt-fgub-cbb5", "summary": "Mozilla developer Matthew Noorenberghe reported that\nwhitelisted Mozilla domains could make UITour API calls while the\nUI Tour pages for Firefox are present in background tabs. 
If one of these\nMozilla domains was compromised and open in another tab, an attacker could then\nuse that tab to engage in spoofing and clickjacking in any foreground tab.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0819", "reference_id": "CVE-2015-0819", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0819" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-26", "reference_id": "mfsa2015-26", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-26" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1219?format=api", "purl": "pkg:mozilla/Firefox@36.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@36.0.0" } ], "aliases": [ "CVE-2015-0819" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c3dt-fgub-cbb5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3068?format=api", "vulnerability_id": "VCID-cgzj-r8va-aued", "summary": "Security researcher Alexander Kolesnik reported while the\nMozilla platform does not yet support TLS connections to TURN and STUN servers,\nthe WebRTC implementation would accept turns: and\nstuns: URIs and then attempt plaintext connections to the servers\nwhen these were used. 
This can lead to disclosure of credentials through a\nMan-in-the-middle (MITM) attack as the connection is not encrypted.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0834", "reference_id": "CVE-2015-0834", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0834" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-15", "reference_id": "mfsa2015-15", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-15" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1219?format=api", "purl": "pkg:mozilla/Firefox@36.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@36.0.0" } ], "aliases": [ "CVE-2015-0834" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cgzj-r8va-aued" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3040?format=api", "vulnerability_id": "VCID-fk4s-hdw3-bbhp", "summary": "Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0836", "reference_id": "CVE-2015-0836", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0836" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-11", "reference_id": "mfsa2015-11", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1219?format=api", "purl": "pkg:mozilla/Firefox@36.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@36.0.0" } ], "aliases": [ "CVE-2015-0836" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fk4s-hdw3-bbhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3033?format=api", "vulnerability_id": "VCID-fq2a-sv58-8ycr", "summary": "Security researcher Armin Ebert reported that a user\nreadable file in a known local path could be uploaded to a malicious site. This\nwas done by manipulating the autocomplete feature in a form and user interaction\nwith it. 
While the local file is not visibly uploaded through the form, its\ncontents are made available through the Document Object Model (DOM) to script\ncontent on the attacking page, leading to information disclosure.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0822", "reference_id": "CVE-2015-0822", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0822" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-24", "reference_id": "mfsa2015-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1219?format=api", "purl": "pkg:mozilla/Firefox@36.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@36.0.0" } ], "aliases": [ "CVE-2015-0822" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fq2a-sv58-8ycr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2979?format=api", "vulnerability_id": "VCID-m8xf-uesq-xfht", "summary": "Security researcher Holger Fuhrmannek previously reported CVE-2015-0833, which was fixed in \nMFSA2015-12. That flaw allowed for the updater to load binary DLL format files from\nthe local working directory or from the Windows temporary directories. 
During\nthe fixing of CVE-2015-0833, the need to ensure that updates use the updater.exe\nfrom the application directory was identified to mitigate the potential for\nfurther similar vulnerabilities. This change to updater.exe for Windows systems\nhas been made in this release.\nThis issue is specific to Windows and does not affect Linux or\nOS X systems.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0833", "reference_id": "CVE-2015-0833", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0833" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-12", "reference_id": "mfsa2015-12", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-12" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-58", "reference_id": "mfsa2015-58", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-58" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1219?format=api", "purl": "pkg:mozilla/Firefox@36.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@36.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1239?format=api", "purl": "pkg:mozilla/Firefox@38.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@38.0.0" } ], "aliases": [ "CVE-2015-0833" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m8xf-uesq-xfht" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/2947?format=api", "vulnerability_id": "VCID-mm4x-8rtx-9yd2", "summary": "Mozilla developer Jan de Mooij reported an issue that\naffects web content that relies on the Caja Compiler for\nprotection, or other similar sandboxing libraries. He found that some JavaScript\nobjects marked as non-extensible within Caja and Secure EcmaScript could be made\nextensible again, bypassing the Caja sandboxing security measures, when the\nJavaScript code should not be allowed to run.\nFirefox users are not directly impacted by this issue. This\nissue affects code running in Caja within loaded web content that should run\nwithin its protections.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0820", "reference_id": "CVE-2015-0820", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0820" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-27", "reference_id": "mfsa2015-27", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-27" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1219?format=api", "purl": "pkg:mozilla/Firefox@36.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@36.0.0" } ], "aliases": [ "CVE-2015-0820" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mm4x-8rtx-9yd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3055?format=api", "vulnerability_id": "VCID-nez5-qtt1-f7dg", "summary": "Using the Address Sanitizer tool, security researcher Atte\nKettunen found a problem with OpenType Sanitiser (OTS) that resulted in\na 
use-after-free while expanding macros in some circumstances. This\nuse-after-free was only used for information displayed in the developer console\nand was not exploitable.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0823", "reference_id": "CVE-2015-0823", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0823" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-23", "reference_id": "mfsa2015-23", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-23" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1219?format=api", "purl": "pkg:mozilla/Firefox@36.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@36.0.0" } ], "aliases": [ "CVE-2015-0823" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nez5-qtt1-f7dg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3077?format=api", "vulnerability_id": "VCID-t79e-kk94-wbb3", "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team and Mozilla security developer Gary Kwong\nused the Address Sanitizer tool to discover a double-free error when sending a\nzero-length XmlHttpRequest (XHR). This was due to errors in memory allocation\nwhen using different memory allocator libraries than jemalloc used\nby Mozilla builds. 
When those other memory allocators are used for build\ncompilation, this could cause a potentially exploitable crash during some XHR\nactions.\nThis vulnerability does not happen in Firefox as built by\nMozilla, but can occur when Firefox is built using a memory allocator that\nfollows older pre-standard behaviors.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0828", "reference_id": "CVE-2015-0828", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0828" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-18", "reference_id": "mfsa2015-18", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-18" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1219?format=api", "purl": "pkg:mozilla/Firefox@36.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@36.0.0" } ], "aliases": [ "CVE-2015-0828" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t79e-kk94-wbb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2957?format=api", "vulnerability_id": "VCID-tddc-3c4k-s7hr", "summary": "Security researcher Pantrombka reported a buffer overflow\nin the libstagefright library during video playback when certain\ninvalid MP4 video files led to the allocation of a buffer that was too small for\nthe content. 
This led to a potentially exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0829", "reference_id": "CVE-2015-0829", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0829" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-17", "reference_id": "mfsa2015-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1219?format=api", "purl": "pkg:mozilla/Firefox@36.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@36.0.0" } ], "aliases": [ "CVE-2015-0829" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tddc-3c4k-s7hr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3087?format=api", "vulnerability_id": "VCID-wqxh-2v78-nkca", "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team used the Address Sanitizer tool to report an out-of-bounds\nread and an out-of-bounds write when rendering an improperly formatted SVG\ngraphic. 
This could potentially allow the attacker to read uninitialized memory.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0827", "reference_id": "CVE-2015-0827", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0827" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-19", "reference_id": "mfsa2015-19", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-19" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1219?format=api", "purl": "pkg:mozilla/Firefox@36.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@36.0.0" } ], "aliases": [ "CVE-2015-0827" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wqxh-2v78-nkca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2996?format=api", "vulnerability_id": "VCID-xb3p-sf1w-jbh2", "summary": "Security researcher Daniele Di Proietto discovered that when\nWebGL content crafted in a specific manner wrote strings, it would cause a crash\nwhen this content was run.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0830", "reference_id": "CVE-2015-0830", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0830" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-14", "reference_id": "mfsa2015-14", "reference_type": "", "scores": [ { "value": "none", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-14" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1219?format=api", "purl": "pkg:mozilla/Firefox@36.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@36.0.0" } ], "aliases": [ "CVE-2015-0830" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xb3p-sf1w-jbh2" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@36.0.0" }