Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/940?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/940?format=api", "purl": "pkg:mozilla/Firefox@20.0.0", "type": "mozilla", "namespace": "", "name": "Firefox", "version": "20.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "21.0.0", "latest_non_vulnerable_version": "151.0.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2055?format=api", "vulnerability_id": "VCID-3cp2-dndc-hqcq", "summary": "Security researcher miaubiz used the Address Sanitizer tool\nto discover a crash in WebGL rendering when memory is freed that has not\npreviously been allocated. This issue only affects Linux users who have Intel\nMesa graphics drivers. The resulting crash could be potentially exploitable.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796", "reference_id": "CVE-2013-0796", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-35", "reference_id": "mfsa2013-35", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-35" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940?format=api", "purl": "pkg:mozilla/Firefox@20.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@20.0.0" } ], "aliases": [ "CVE-2013-0796" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-3cp2-dndc-hqcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2105?format=api", "vulnerability_id": "VCID-4gzd-m5g6-rbgm", "summary": "Mozilla community member Ambroz Bizjak reported an\nout-of-bounds array read in the CERT_DecodeCertPackage function of\nthe Network Security Services (NSS) library when decoding a certificate. When\nthis occurs, it will lead to memory corruption and a non-exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791", "reference_id": "CVE-2013-0791", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-40", "reference_id": "mfsa2013-40", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940?format=api", "purl": "pkg:mozilla/Firefox@20.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@20.0.0" } ], "aliases": [ "CVE-2013-0791" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4gzd-m5g6-rbgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1987?format=api", "vulnerability_id": "VCID-7vcr-vvxc-dkcb", "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team used the Address Sanitizer tool to discover an out-of-bounds write in Cairo graphics library. 
When certain values are passed to it during rendering, Cairo attempts to use negative boundaries or sizes for boxes, leading to a potentially exploitable crash in some instances.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800", "reference_id": "CVE-2013-0800", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-31", "reference_id": "mfsa2013-31", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-31" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940?format=api", "purl": "pkg:mozilla/Firefox@20.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@20.0.0" } ], "aliases": [ "CVE-2013-0800" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7vcr-vvxc-dkcb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2026?format=api", "vulnerability_id": "VCID-81um-b3ht-3yby", "summary": "Security researcher shutdown reported a method for\nremoving the origin indication on tab-modal dialog boxes in combination with browser navigation. This could allow an attacker's dialog to overlay a page and show another site's content. 
This can be used for phishing by allowing users to enter data into a modal prompt dialog on an attacking site, while appearing to be from the displayed site.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0794", "reference_id": "CVE-2013-0794", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0794" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-37", "reference_id": "mfsa2013-37", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-37" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940?format=api", "purl": "pkg:mozilla/Firefox@20.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@20.0.0" } ], "aliases": [ "CVE-2013-0794" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-81um-b3ht-3yby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2029?format=api", "vulnerability_id": "VCID-925j-t5x6-vfbk", "summary": "Security researcher Mariusz Mlynski reported a method to use\nbrowser navigations through history to load an arbitrary website with that\npage's baseURI property pointing to another site instead of the seemingly loaded\none. The user will continue to see the incorrect site in the address bar of the\nbrowser. 
This allows for a cross-site scripting (XSS) attack or the theft of\ndata through a phishing attack.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0793", "reference_id": "CVE-2013-0793", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0793" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-38", "reference_id": "mfsa2013-38", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-38" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940?format=api", "purl": "pkg:mozilla/Firefox@20.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@20.0.0" } ], "aliases": [ "CVE-2013-0793" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-925j-t5x6-vfbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2009?format=api", "vulnerability_id": "VCID-gb5q-t5g7-dqgu", "summary": "Security researcher Ash reported an issue with the Mozilla\nUpdater. The Mozilla Updater can be made to load a malicious local DLL file in a\nprivileged context through either the Mozilla Maintenance Service or\nindependently on systems that do not use the service. This occurs when the DLL\nfile is placed in a specific location on the local system before the Mozilla\nUpdater is run. 
Local file system access is necessary in order for this issue to\nbe exploitable.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0797", "reference_id": "CVE-2013-0797", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0797" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-34", "reference_id": "mfsa2013-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-34" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940?format=api", "purl": "pkg:mozilla/Firefox@20.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@20.0.0" } ], "aliases": [ "CVE-2013-0797" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gb5q-t5g7-dqgu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2035?format=api", "vulnerability_id": "VCID-mhk9-euwa-pbfk", "summary": "Security researcher Frédéric Hoguin discovered\nthat the Mozilla Maintenance Service on Windows was vulnerable to a buffer\noverflow. This system is used to update software without invoking the User\nAccount Control (UAC) prompt. The Mozilla Maintenance Service is configured to\nallow unprivileged users to start it with arbitrary arguments. By manipulating\nthe data passed in these arguments, an attacker can execute arbitrary code with\nthe system privileges used by the service. 
This issue requires local file system\naccess to be exploitable.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0799", "reference_id": "CVE-2013-0799", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0799" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-32", "reference_id": "mfsa2013-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-32" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940?format=api", "purl": "pkg:mozilla/Firefox@20.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@20.0.0" } ], "aliases": [ "CVE-2013-0799" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mhk9-euwa-pbfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2013?format=api", "vulnerability_id": "VCID-mugx-fxdy-syes", "summary": "Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. 
Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code. In general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788", "reference_id": "CVE-2013-0788", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-30", "reference_id": "mfsa2013-30", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-30" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940?format=api", "purl": "pkg:mozilla/Firefox@20.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@20.0.0" } ], "aliases": [ "CVE-2013-0788" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mugx-fxdy-syes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2127?format=api", "vulnerability_id": "VCID-p73r-gsgw-qbdh", "summary": "Security researcher Shuichiro Suzuki of the Fourteenforty\nResearch Institute reported the app_tmp directory is set to be\nworld readable and writeable by Firefox for Android. 
This potentially allows for\nthird party applications to replace or alter Firefox add-ons when downloaded\nbecause they are temporarily stored in the app_tmp directory before\ninstallation.\nThis vulnerability only affects Firefox for Android.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0798", "reference_id": "CVE-2013-0798", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0798" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-33", "reference_id": "mfsa2013-33", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-33" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940?format=api", "purl": "pkg:mozilla/Firefox@20.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@20.0.0" } ], "aliases": [ "CVE-2013-0798" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p73r-gsgw-qbdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2031?format=api", "vulnerability_id": "VCID-sx9z-aksf-abh6", "summary": "Mozilla community member Tobias Schula reported that if\ngfx.color_management.enablev4 preference is enabled manually in\nabout:config, some grayscale PNG images will be rendered\nincorrectly and cause memory corruption during PNG decoding when certain color\nprofiles are in use. A crafted PNG image could use this flaw to leak data\nthrough rendered images drawing from random memory. 
By default, this preference\nis not enabled.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0792", "reference_id": "CVE-2013-0792", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0792" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-39", "reference_id": "mfsa2013-39", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-39" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940?format=api", "purl": "pkg:mozilla/Firefox@20.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@20.0.0" } ], "aliases": [ "CVE-2013-0792" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sx9z-aksf-abh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2086?format=api", "vulnerability_id": "VCID-xrp4-wbrq-xqex", "summary": "Security researcher Cody Crews reported a mechanism to use the cloneNode method to bypass System Only Wrappers (SOW) and clone a protected node. 
This allows violation of the browser's same origin policy and could also lead to privilege escalation and the execution of arbitrary code.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795", "reference_id": "CVE-2013-0795", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-36", "reference_id": "mfsa2013-36", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-36" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940?format=api", "purl": "pkg:mozilla/Firefox@20.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@20.0.0" } ], "aliases": [ "CVE-2013-0795" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xrp4-wbrq-xqex" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@20.0.0" }