Look up vulnerable packages by Package URL.

GET /api/packages/925?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/925?format=api",
    "purl": "pkg:mozilla/Thunderbird%20ESR@17.0.6",
    "type": "mozilla",
    "namespace": "",
    "name": "Thunderbird ESR",
    "version": "17.0.6",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": false,
    "next_non_vulnerable_version": "17.0.7",
    "latest_non_vulnerable_version": "17.0.11",
    "affected_by_vulnerabilities": [],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2053?format=api",
            "vulnerability_id": "VCID-3ed2-gkvm-87b5",
            "summary": "Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.\nIn general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0801",
                    "reference_id": "CVE-2013-0801",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0801"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-41",
                    "reference_id": "mfsa2013-41",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-41"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/925?format=api",
                    "purl": "pkg:mozilla/Thunderbird%20ESR@17.0.6",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird%2520ESR@17.0.6"
                }
            ],
            "aliases": [
                "CVE-2013-0801"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ed2-gkvm-87b5"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1994?format=api",
            "vulnerability_id": "VCID-88s5-md25-fbfg",
            "summary": "Security researcher Seb Patane reported an issue with the\nMozilla Maintenance Service on Windows. This issue allows unprivileged users to\nachieve local privilege escalation through the system privileges used by the service\nwhen interacting with local malicious software. This allows the user to bypass\nintegrity checks leading to local privilege escalation. Local file system access\nis necessary in order for this issue to be exploitable and it cannot be\ntriggered through web content.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1672",
                    "reference_id": "CVE-2013-1672",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1672"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-44",
                    "reference_id": "mfsa2013-44",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-44"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/925?format=api",
                    "purl": "pkg:mozilla/Thunderbird%20ESR@17.0.6",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird%2520ESR@17.0.6"
                }
            ],
            "aliases": [
                "CVE-2013-1672"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-88s5-md25-fbfg"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2016?format=api",
            "vulnerability_id": "VCID-ahfy-yfgy-2ugs",
            "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team used the Address Sanitizer tool to discover a series of\nuse-after-free, out of bounds read, and invalid write problems rated as moderate\nto critical as security issues in shipped software. Some of these issues are\npotentially exploitable, allowing for remote code execution. We would also like\nto thank Abhishek for reporting additional use-after-free flaws in\ndir=auto code introduced during Firefox development. These were\nfixed before general release.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1676",
                    "reference_id": "CVE-2013-1676",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1676"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-48",
                    "reference_id": "mfsa2013-48",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-48"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/925?format=api",
                    "purl": "pkg:mozilla/Thunderbird%20ESR@17.0.6",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird%2520ESR@17.0.6"
                }
            ],
            "aliases": [
                "CVE-2013-1676"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ahfy-yfgy-2ugs"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2082?format=api",
            "vulnerability_id": "VCID-e43n-qw7k-9fh7",
            "summary": "Mozilla community member Ms2ger discovered that some\nDOMSVGZoomEvent functions are used without being properly\ninitialized, causing uninitialized memory to be used when they are called by web\ncontent. This could lead to information leakage to sites depending on the\ncontents of this uninitialized memory.\nIn general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1675",
                    "reference_id": "CVE-2013-1675",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1675"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-47",
                    "reference_id": "mfsa2013-47",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-47"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/925?format=api",
                    "purl": "pkg:mozilla/Thunderbird%20ESR@17.0.6",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird%2520ESR@17.0.6"
                }
            ],
            "aliases": [
                "CVE-2013-1675"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e43n-qw7k-9fh7"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2005?format=api",
            "vulnerability_id": "VCID-m5ja-e7ub-juhq",
            "summary": "Security researcher Cody Crews reported a method to call a\ncontent level constructor that allows for this constructor to have chrome\nprivileged access. This affects chrome object wrappers (COW) and allows for\nwrite actions on objects when only read actions should be allowed. This can lead\nto cross-site scripting (XSS) attacks. \nIn general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1670",
                    "reference_id": "CVE-2013-1670",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1670"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-42",
                    "reference_id": "mfsa2013-42",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-42"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/925?format=api",
                    "purl": "pkg:mozilla/Thunderbird%20ESR@17.0.6",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird%2520ESR@17.0.6"
                }
            ],
            "aliases": [
                "CVE-2013-1670"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m5ja-e7ub-juhq"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1977?format=api",
            "vulnerability_id": "VCID-qrrc-agxp-bybe",
            "summary": "Security researcher Nils reported a use-after-free when\nresizing video while playing. This could allow for arbitrary code execution.\nIn general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1674",
                    "reference_id": "CVE-2013-1674",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1674"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-46",
                    "reference_id": "mfsa2013-46",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-46"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/925?format=api",
                    "purl": "pkg:mozilla/Thunderbird%20ESR@17.0.6",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird%2520ESR@17.0.6"
                }
            ],
            "aliases": [
                "CVE-2013-1674"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qrrc-agxp-bybe"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird%2520ESR@17.0.6"
}