Look up vulnerable packages by Package URL.

GET /api/packages/895?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/895?format=api",
    "purl": "pkg:mozilla/Thunderbird@45.0.0",
    "type": "mozilla",
    "namespace": "",
    "name": "Thunderbird",
    "version": "45.0.0",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": false,
    "next_non_vulnerable_version": "45.1.0",
    "latest_non_vulnerable_version": "151.0.0",
    "affected_by_vulnerabilities": [],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1891?format=api",
            "vulnerability_id": "VCID-2pb1-uy1v-vuf1",
            "summary": "Mozilla developers fixed several memory safety bugs in the browser engine used in\nFirefox and other Mozilla-based products. Some of these bugs showed evidence of memory\ncorruption under certain circumstances, and we presume that with enough effort at least\nsome of these could be exploited to run arbitrary code.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952",
                    "reference_id": "CVE-2016-1952",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-16",
                    "reference_id": "mfsa2016-16",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-16"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/896?format=api",
                    "purl": "pkg:mozilla/Thunderbird@38.7.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.7.0"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/895?format=api",
                    "purl": "pkg:mozilla/Thunderbird@45.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@45.0.0"
                }
            ],
            "aliases": [
                "CVE-2016-1952"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2pb1-uy1v-vuf1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1903?format=api",
            "vulnerability_id": "VCID-4hgx-k5jn-ckeu",
            "summary": "Security researcher Holger Fuhrmannek and Mozilla security engineer\nTyson Smith reported a number of security vulnerabilities in the Graphite\n2 library affecting version 1.3.5.\nThe issue reported by Holger Fuhrmannek is a mechanism to induce\nstack corruption with a malicious graphite font. This leads to a potentially exploitable\ncrash when the font is loaded.\nTyson Smith used the Address Sanitizer tool in concert with a custom\nsoftware fuzzer to find a series of uninitialized memory, out-of-bounds read, and\nout-of-bounds write errors when working with fuzzed graphite fonts. \n\nTo address these security vulnerabilities, Firefox 45 and Firefox ESR 38.7 have been\nupdated to Graphite 2 version 1.3.6.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977",
                    "reference_id": "CVE-2016-1977",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37",
                    "reference_id": "mfsa2016-37",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-37"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/896?format=api",
                    "purl": "pkg:mozilla/Thunderbird@38.7.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.7.0"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/895?format=api",
                    "purl": "pkg:mozilla/Thunderbird@45.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@45.0.0"
                }
            ],
            "aliases": [
                "CVE-2016-1977"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4hgx-k5jn-ckeu"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1960?format=api",
            "vulnerability_id": "VCID-8sb5-awtf-e7dn",
            "summary": "Security researcher Muneaki Nishimura (nishimunea) of Recruit\nTechnologies Co.,Ltd. reported that Content Security Policy (CSP) violation reports\ncontained full path information for cross-origin iframe navigations in violation of the\nCSP specification. This could result in information disclosure.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1955",
                    "reference_id": "CVE-2016-1955",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1955"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-18",
                    "reference_id": "mfsa2016-18",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "none",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-18"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/895?format=api",
                    "purl": "pkg:mozilla/Thunderbird@45.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@45.0.0"
                }
            ],
            "aliases": [
                "CVE-2016-1955"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8sb5-awtf-e7dn"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1959?format=api",
            "vulnerability_id": "VCID-9wc3-cjef-3ucq",
            "summary": "Security researcher Francis Gabriel of Quarkslab reported a heap-based\nbuffer overflow in the way the Network Security Services (NSS) libraries parsed certain\nASN.1 structures. An attacker could create a specially-crafted certificate which, when\nparsed by NSS, would cause it to crash or execute arbitrary code with the permissions of\nthe user.\nThis issue has been addressed in the NSS releases shipping on affected Mozilla\nproducts:",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950",
                    "reference_id": "CVE-2016-1950",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-35",
                    "reference_id": "mfsa2016-35",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-35"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/896?format=api",
                    "purl": "pkg:mozilla/Thunderbird@38.7.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.7.0"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/895?format=api",
                    "purl": "pkg:mozilla/Thunderbird@45.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@45.0.0"
                }
            ],
            "aliases": [
                "CVE-2016-1950"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9wc3-cjef-3ucq"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1917?format=api",
            "vulnerability_id": "VCID-b1zu-35mw-jkdg",
            "summary": "Security researchers Jose Martinez and Romina\nSantillan reported a memory leak in the libstagefright library when array\ndestruction occurs during MPEG4 video file processing.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957",
                    "reference_id": "CVE-2016-1957",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-20",
                    "reference_id": "mfsa2016-20",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "low",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-20"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/896?format=api",
                    "purl": "pkg:mozilla/Thunderbird@38.7.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.7.0"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/895?format=api",
                    "purl": "pkg:mozilla/Thunderbird@45.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@45.0.0"
                }
            ],
            "aliases": [
                "CVE-2016-1957"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b1zu-35mw-jkdg"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1973?format=api",
            "vulnerability_id": "VCID-cr9v-b95v-eyha",
            "summary": "Security researcher Ronald Crane reported an out-of-bounds read\nfollowing a failed allocation in the HTML parser while working with unicode strings. This\ncan also affect the parsing of XML and SVG format data. This leads to a potentially\nexploitable crash. \nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974",
                    "reference_id": "CVE-2016-1974",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-34",
                    "reference_id": "mfsa2016-34",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-34"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/896?format=api",
                    "purl": "pkg:mozilla/Thunderbird@38.7.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.7.0"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/895?format=api",
                    "purl": "pkg:mozilla/Thunderbird@45.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@45.0.0"
                }
            ],
            "aliases": [
                "CVE-2016-1974"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cr9v-b95v-eyha"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1899?format=api",
            "vulnerability_id": "VCID-dhjd-31cm-1fh6",
            "summary": "Security researcher ca0nguyen, working with HP's Zero Day Initiative,\nreported a use-after-free issue in the HTML5 string parser when parsing a particular set\nof table-related tags in a foreign fragment context such as SVG. This results in a\npotentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960",
                    "reference_id": "CVE-2016-1960",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-23",
                    "reference_id": "mfsa2016-23",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-23"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/896?format=api",
                    "purl": "pkg:mozilla/Thunderbird@38.7.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.7.0"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/895?format=api",
                    "purl": "pkg:mozilla/Thunderbird@45.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@45.0.0"
                }
            ],
            "aliases": [
                "CVE-2016-1960"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dhjd-31cm-1fh6"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1872?format=api",
            "vulnerability_id": "VCID-dxam-cewh-63dt",
            "summary": "Security researcher Nicolas Golubovic reported that a malicious page\ncan overwrite files on the user's machine using Content Security Policy (CSP) violation\nreports. The file contents are restricted to the JSON format of the report. In many cases\noverwriting a local file may simply be destructive, breaking the functionality of that\nfile. The CSP error reports can include HTML fragments which could be rendered by\nbrowsers. If a user has disabled add-on signing and has installed an \"unpacked\" add-on, a\nmalicious page could overwrite one of the add-on resources. Depending on how this resource\nis used, this could lead to privilege escalation.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954",
                    "reference_id": "CVE-2016-1954",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-17",
                    "reference_id": "mfsa2016-17",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-17"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/896?format=api",
                    "purl": "pkg:mozilla/Thunderbird@38.7.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.7.0"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/895?format=api",
                    "purl": "pkg:mozilla/Thunderbird@45.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@45.0.0"
                }
            ],
            "aliases": [
                "CVE-2016-1954"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dxam-cewh-63dt"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1922?format=api",
            "vulnerability_id": "VCID-fam8-n44k-2qh7",
            "summary": "Mozilla developer Tim Taubert used the Address Sanitizer tool and\nsoftware fuzzing to discover a use-after-free vulnerability while processing DER encoded\nkeys in the Network Security Services (NSS) libraries. The vulnerability overwrites the\nfreed memory with zeroes. This issue has been addressed in NSS 3.21.1, shipping in Firefox\n45.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1979",
                    "reference_id": "CVE-2016-1979",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1979"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-36",
                    "reference_id": "mfsa2016-36",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-36"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/909?format=api",
                    "purl": "pkg:mozilla/Thunderbird@38.8.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.8.0"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/895?format=api",
                    "purl": "pkg:mozilla/Thunderbird@45.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@45.0.0"
                }
            ],
            "aliases": [
                "CVE-2016-1979"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fam8-n44k-2qh7"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1957?format=api",
            "vulnerability_id": "VCID-h3an-hzsd-3kfh",
            "summary": "Security researcher Ucha Gobejishvili reported a denial of service\n(DOS) attack when doing certain WebGL operations in a canvas requiring an unusually large\namount of buffer to be allocated from video memory. This resulted in memory resource\nexhaustion with some Intel video cards, requiring the computer to be rebooted to return\nfunctionality. This was resolved by putting in additional checks on the amount of memory\nto be allocated during graphics processing.\nThis issue was limited to a subset of Intel drivers on Linux. Other\noperating systems were not affected.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1956",
                    "reference_id": "CVE-2016-1956",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1956"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-19",
                    "reference_id": "mfsa2016-19",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "none",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-19"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/895?format=api",
                    "purl": "pkg:mozilla/Thunderbird@45.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@45.0.0"
                }
            ],
            "aliases": [
                "CVE-2016-1956"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h3an-hzsd-3kfh"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1950?format=api",
            "vulnerability_id": "VCID-jr76-2aht-uqb2",
            "summary": "Security researcher lokihardt, working with HP's Zero Day Initiative,\nreported a use-after-free issue in the SetBody function of\nHTMLDocument. This results in a potentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961",
                    "reference_id": "CVE-2016-1961",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-24",
                    "reference_id": "mfsa2016-24",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-24"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/896?format=api",
                    "purl": "pkg:mozilla/Thunderbird@38.7.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.7.0"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/895?format=api",
                    "purl": "pkg:mozilla/Thunderbird@45.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@45.0.0"
                }
            ],
            "aliases": [
                "CVE-2016-1961"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jr76-2aht-uqb2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1868?format=api",
            "vulnerability_id": "VCID-mxj9-cgmx-zkg9",
            "summary": "Security researcher Nicolas Grégoire used the Address Sanitizer to\nfind a use-after-free during XML transformation operations. This results in a potentially\nexploitable crash triggerable by web content.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964",
                    "reference_id": "CVE-2016-1964",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-27",
                    "reference_id": "mfsa2016-27",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-27"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/896?format=api",
                    "purl": "pkg:mozilla/Thunderbird@38.7.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.7.0"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/895?format=api",
                    "purl": "pkg:mozilla/Thunderbird@45.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@45.0.0"
                }
            ],
            "aliases": [
                "CVE-2016-1964"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mxj9-cgmx-zkg9"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@45.0.0"
}