Look up vulnerable packages by Package URL.

GET /api/packages/922?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/922?format=api",
    "purl": "pkg:mozilla/Firefox@21.0.0",
    "type": "mozilla",
    "namespace": "",
    "name": "Firefox",
    "version": "21.0.0",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": false,
    "next_non_vulnerable_version": "22.0.0",
    "latest_non_vulnerable_version": "151.0.0",
    "affected_by_vulnerabilities": [],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2053?format=api",
            "vulnerability_id": "VCID-3ed2-gkvm-87b5",
            "summary": "Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0801",
                    "reference_id": "CVE-2013-0801",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0801"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-41",
                    "reference_id": "mfsa2013-41",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-41"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/922?format=api",
                    "purl": "pkg:mozilla/Firefox@21.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@21.0.0"
                }
            ],
            "aliases": [
                "CVE-2013-0801"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ed2-gkvm-87b5"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1994?format=api",
            "vulnerability_id": "VCID-88s5-md25-fbfg",
            "summary": "Security researcher Seb Patane reported an issue with the\nMozilla Maintenance Service on Windows. This issue allows unprivileged users to\nlocal privilege escalation through the system privileges used by the service\nwhen interacting with local malicious software. This allows the user to bypass\nintegrity checks leading to local privilege escalation. Local file system access\nis necessary in order for this issue to be exploitable and it cannot be\ntriggered through web content.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1672",
                    "reference_id": "CVE-2013-1672",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1672"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-44",
                    "reference_id": "mfsa2013-44",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-44"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/922?format=api",
                    "purl": "pkg:mozilla/Firefox@21.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@21.0.0"
                }
            ],
            "aliases": [
                "CVE-2013-1672"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-88s5-md25-fbfg"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2071?format=api",
            "vulnerability_id": "VCID-8pqj-v7wh-2ub3",
            "summary": "Mozilla security researcher moz_bug_r_a4 reported a mechanism to exploit the <input> control when set to the file type in order to get the full path. This can lead to information leakage and could be combined with other exploits to target attacks on the local file system.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1671",
                    "reference_id": "CVE-2013-1671",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1671"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-43",
                    "reference_id": "mfsa2013-43",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "none",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-43"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/922?format=api",
                    "purl": "pkg:mozilla/Firefox@21.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@21.0.0"
                }
            ],
            "aliases": [
                "CVE-2013-1671"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8pqj-v7wh-2ub3"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2016?format=api",
            "vulnerability_id": "VCID-ahfy-yfgy-2ugs",
            "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team used the Address Sanitizer tool to discover a series of\nuse-after-free, out of bounds read, and invalid write problems rated as moderate\nto critical as security issues in shipped software. Some of these issues are\npotentially exploitable, allowing for remote code execution. We would also like\nto thank Abhishek for reporting additional use-after-free flaws in\ndir=auto code introduced during Firefox development. These were\nfixed before general release.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1676",
                    "reference_id": "CVE-2013-1676",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1676"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-48",
                    "reference_id": "mfsa2013-48",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-48"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/922?format=api",
                    "purl": "pkg:mozilla/Firefox@21.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@21.0.0"
                }
            ],
            "aliases": [
                "CVE-2013-1676"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ahfy-yfgy-2ugs"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2082?format=api",
            "vulnerability_id": "VCID-e43n-qw7k-9fh7",
            "summary": "Mozilla community member Ms2ger discovered that some\nDOMSVGZoomEvent functions are used without being properly\ninitialized, causing uninitialized memory to be used when they are called by web\ncontent. This could lead to a information leakage to sites depending on the\ncontents of this uninitialized memory.\nIn general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1675",
                    "reference_id": "CVE-2013-1675",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1675"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-47",
                    "reference_id": "mfsa2013-47",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-47"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/922?format=api",
                    "purl": "pkg:mozilla/Firefox@21.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@21.0.0"
                }
            ],
            "aliases": [
                "CVE-2013-1675"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e43n-qw7k-9fh7"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2005?format=api",
            "vulnerability_id": "VCID-m5ja-e7ub-juhq",
            "summary": "Security researcher Cody Crews reported a method to call a\ncontent level constructor that allows for this constructor to have chrome\nprivileged access. This affects chrome object wrappers (COW) and allows for\nwrite actions on objects when only read actions should be allowed. This can lead\nto cross-site scripting (XSS) attacks. \nIn general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1670",
                    "reference_id": "CVE-2013-1670",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1670"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-42",
                    "reference_id": "mfsa2013-42",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-42"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/922?format=api",
                    "purl": "pkg:mozilla/Firefox@21.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@21.0.0"
                }
            ],
            "aliases": [
                "CVE-2013-1670"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m5ja-e7ub-juhq"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1977?format=api",
            "vulnerability_id": "VCID-qrrc-agxp-bybe",
            "summary": "Security researcher Nils reported a use-after-free when\nresizing video while playing. This could allow for arbitrary code execution.\nIn general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1674",
                    "reference_id": "CVE-2013-1674",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1674"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-46",
                    "reference_id": "mfsa2013-46",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-46"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/922?format=api",
                    "purl": "pkg:mozilla/Firefox@21.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@21.0.0"
                }
            ],
            "aliases": [
                "CVE-2013-1674"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qrrc-agxp-bybe"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2068?format=api",
            "vulnerability_id": "VCID-rsr5-mp2d-w7af",
            "summary": "Security researcher Robert Kugler discovered that in some\ninstances the Mozilla Maintenance Service on Windows will be vulnerable to some\npreviously fixed privilege escalation attacks that allowed for local privilege\nescalation. This was caused by the Mozilla Updater not updating Windows Registry\nentries for the Mozilla Maintenance Service, which fixed the earlier issues\npresent if Firefox 12 had been installed. New installations of Firefox after\nversion 12 are not affected by this issue. Local file system access is necessary\nin order for this issue to be exploitable and it cannot be triggered through web\ncontent.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1673",
                    "reference_id": "CVE-2013-1673",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1673"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-45",
                    "reference_id": "mfsa2013-45",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-45"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/922?format=api",
                    "purl": "pkg:mozilla/Firefox@21.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@21.0.0"
                }
            ],
            "aliases": [
                "CVE-2013-1673"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rsr5-mp2d-w7af"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@21.0.0"
}