Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1241?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1241?format=api", "purl": "pkg:mozilla/Thunderbird@38.0.1", "type": "mozilla", "namespace": "", "name": "Thunderbird", "version": "38.0.1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "38.1.0", "latest_non_vulnerable_version": "151.0.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2970?format=api", "vulnerability_id": "VCID-2u3s-8pqy-27gd", "summary": "Security researcher Aki Helin used the Address Sanitizer\ntool to find a buffer overflow during video playback on Linux systems. This was\ndue to a problem in older versions of the Gstreamer plugin during the parsing of\nH.264 formatted video. This issue could be used to induce a possibly exploitable\ncrash.\nThis issue does not affect the current 1.0 version of Gstreamer\nand does not affect Windows or OS X systems.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0797", "reference_id": "CVE-2015-0797", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0797" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-47", "reference_id": "mfsa2015-47", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-47" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1242?format=api", "purl": "pkg:mozilla/Thunderbird@31.7.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@31.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1241?format=api", "purl": "pkg:mozilla/Thunderbird@38.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.0.1" } ], "aliases": [ "CVE-2015-0797" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2u3s-8pqy-27gd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3006?format=api", "vulnerability_id": "VCID-g4jc-hh17-wbex", "summary": "Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2708", "reference_id": "CVE-2015-2708", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2708" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-46", "reference_id": "mfsa2015-46", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-46" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1242?format=api", "purl": "pkg:mozilla/Thunderbird@31.7.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@31.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1241?format=api", "purl": "pkg:mozilla/Thunderbird@38.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.0.1" } ], "aliases": [ "CVE-2015-2708" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g4jc-hh17-wbex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3086?format=api", "vulnerability_id": "VCID-gj9v-hz2y-j3h2", "summary": "Using the Address Sanitizer tool, security researcher Atte\nKettunen found a buffer overflow during the rendering of SVG format\ngraphics when combined with specific CSS properties on a page. This results in a\npotentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2710", "reference_id": "CVE-2015-2710", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2710" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-48", "reference_id": "mfsa2015-48", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-48" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1242?format=api", "purl": "pkg:mozilla/Thunderbird@31.7.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@31.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1241?format=api", "purl": "pkg:mozilla/Thunderbird@38.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.0.1" } ], "aliases": [ "CVE-2015-2710" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gj9v-hz2y-j3h2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2979?format=api", "vulnerability_id": "VCID-m8xf-uesq-xfht", "summary": "Security researcher Holger Fuhrmannek previously reported CVE-2015-0833, which was fixed in \nMFSA2015-12. That flaw allowed for the updater to load binary DLL format files from\nthe local working directory or from the Windows temporary directories. During\nthe fixing of CVE-2015-0833, the need to ensure that updates use the updater.exe\nfrom the application directory was identified to mitigate the potential for\nfurther similar vulnerabilities. This change to updater.exe for Windows systems\nhas been made in this release.\nThis issue is specific to Windows and does not affect Linux or\nOS X systems.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0833", "reference_id": "CVE-2015-0833", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0833" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-12", "reference_id": "mfsa2015-12", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-12" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-58", "reference_id": "mfsa2015-58", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-58" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1248?format=api", "purl": "pkg:mozilla/Thunderbird@31.5.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@31.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1241?format=api", "purl": "pkg:mozilla/Thunderbird@38.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.0.1" } ], "aliases": [ "CVE-2015-0833" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m8xf-uesq-xfht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3070?format=api", "vulnerability_id": "VCID-nzaw-bp6y-qkbq", "summary": "Security researcher Ucha Gobejishvili used the Address\nSanitizer tool to find a buffer overflow while parsing compressed XML content.\nThis was due to an error in how buffer space is created and modified when\nhandling large amounts of XML data. This results in a potentially exploitable\ncrash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716", "reference_id": "CVE-2015-2716", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-54", "reference_id": "mfsa2015-54", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-54" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1242?format=api", "purl": "pkg:mozilla/Thunderbird@31.7.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@31.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1241?format=api", "purl": "pkg:mozilla/Thunderbird@38.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.0.1" } ], "aliases": [ "CVE-2015-2716" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nzaw-bp6y-qkbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3067?format=api", "vulnerability_id": "VCID-sm73-ujuw-z7cy", "summary": "Security researcher Scott Bell used the Address Sanitizer\ntool to discover a use-after-free error during the processing of text when\nvertical text is enabled. This leads to a potentially exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2713", "reference_id": "CVE-2015-2713", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2713" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-51", "reference_id": "mfsa2015-51", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-51" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1242?format=api", "purl": "pkg:mozilla/Thunderbird@31.7.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@31.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1241?format=api", "purl": "pkg:mozilla/Thunderbird@38.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.0.1" } ], "aliases": [ "CVE-2015-2713" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sm73-ujuw-z7cy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2954?format=api", "vulnerability_id": "VCID-yff7-y65u-2fbt", "summary": "Mozilla Developer Jed Davis and Mozilla security engineer\nChristoph Diehl reported that Mozilla had inherited a\nInter-process Communication (IPC) vulnerability when IPC was introduced into\nMozilla products through third-party code. This could allow for privilege\nescalation through IPC channels due to lack of message validation in the\nlistener process. \nThis issue only affects systems running Windows, leaving Linux\nand OS X unaffected.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3079", "reference_id": "CVE-2011-3079", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3079" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-57", "reference_id": "mfsa2015-57", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-57" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1242?format=api", "purl": "pkg:mozilla/Thunderbird@31.7.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@31.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1241?format=api", "purl": "pkg:mozilla/Thunderbird@38.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.0.1" } ], "aliases": [ "CVE-2011-3079" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yff7-y65u-2fbt" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.0.1" }