Look up vulnerable packages by Package URL.

GET /api/packages/1248?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/1248?format=api",
    "purl": "pkg:mozilla/Thunderbird@31.5.0",
    "type": "mozilla",
    "namespace": "",
    "name": "Thunderbird",
    "version": "31.5.0",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": false,
    "next_non_vulnerable_version": "31.6.0",
    "latest_non_vulnerable_version": "151.0.0",
    "affected_by_vulnerabilities": [],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2969?format=api",
            "vulnerability_id": "VCID-b9t4-78nq-jyeh",
            "summary": "Security researcher Paul Bandha used the Address\nSanitizer tool to discover a use-after-free vulnerability when running specific\nweb content with IndexedDB to create an index. This leads to a\npotentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0831",
                    "reference_id": "CVE-2015-0831",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0831"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-16",
                    "reference_id": "mfsa2015-16",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-16"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1248?format=api",
                    "purl": "pkg:mozilla/Thunderbird@31.5.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@31.5.0"
                }
            ],
            "aliases": [
                "CVE-2015-0831"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b9t4-78nq-jyeh"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3040?format=api",
            "vulnerability_id": "VCID-fk4s-hdw3-bbhp",
            "summary": "Mozilla developers and community identified and fixed several memory safety\nbugs in the browser engine used in Firefox and other Mozilla-based products.\nSome of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code.\nIn general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a risk in\nbrowser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0836",
                    "reference_id": "CVE-2015-0836",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0836"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-11",
                    "reference_id": "mfsa2015-11",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-11"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1248?format=api",
                    "purl": "pkg:mozilla/Thunderbird@31.5.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@31.5.0"
                }
            ],
            "aliases": [
                "CVE-2015-0836"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fk4s-hdw3-bbhp"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3033?format=api",
            "vulnerability_id": "VCID-fq2a-sv58-8ycr",
            "summary": "Security researcher Armin Ebert reported that a user\nreadable file in a known local path could be uploaded to a malicious site. This\nwas done by manipulating the autocomplete feature in a form and user interaction\nwith it. While the local file is not visibly uploaded through the form, its\ncontents are made available through the Document Object Model (DOM) to script\ncontent on the attacking page, leading to information disclosure.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0822",
                    "reference_id": "CVE-2015-0822",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0822"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-24",
                    "reference_id": "mfsa2015-24",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-24"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1248?format=api",
                    "purl": "pkg:mozilla/Thunderbird@31.5.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@31.5.0"
                }
            ],
            "aliases": [
                "CVE-2015-0822"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fq2a-sv58-8ycr"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2979?format=api",
            "vulnerability_id": "VCID-m8xf-uesq-xfht",
            "summary": "Security researcher Holger Fuhrmannek previously reported CVE-2015-0833, which was fixed in \nMFSA2015-12. That flaw allowed for the updater to load binary DLL format files from\nthe local working directory or from the Windows temporary directories.  During\nthe fixing of CVE-2015-0833, the need to ensure that updates use the updater.exe\nfrom the application directory was identified to mitigate the potential for\nfurther similar vulnerabilities. This change to updater.exe for Windows systems\nhas been made in this release.\nThis issue is specific to Windows and does not affect Linux or\nOS X systems.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0833",
                    "reference_id": "CVE-2015-0833",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0833"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-12",
                    "reference_id": "mfsa2015-12",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-12"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-58",
                    "reference_id": "mfsa2015-58",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-58"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1248?format=api",
                    "purl": "pkg:mozilla/Thunderbird@31.5.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@31.5.0"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1241?format=api",
                    "purl": "pkg:mozilla/Thunderbird@38.0.1",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.0.1"
                }
            ],
            "aliases": [
                "CVE-2015-0833"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m8xf-uesq-xfht"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3087?format=api",
            "vulnerability_id": "VCID-wqxh-2v78-nkca",
            "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team used the Address Sanitizer tool to report an out-of-bounds\nread and an out-of-bounds write when rendering an improperly formatted SVG\ngraphic. This could potentially allow the attacker to read uninitialized memory.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0827",
                    "reference_id": "CVE-2015-0827",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0827"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-19",
                    "reference_id": "mfsa2015-19",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-19"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1248?format=api",
                    "purl": "pkg:mozilla/Thunderbird@31.5.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@31.5.0"
                }
            ],
            "aliases": [
                "CVE-2015-0827"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wqxh-2v78-nkca"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@31.5.0"
}