Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/941?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/941?format=api", "purl": "pkg:mozilla/Firefox%20ESR@17.0.5", "type": "mozilla", "namespace": "", "name": "Firefox ESR", "version": "17.0.5", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "17.0.6", "latest_non_vulnerable_version": "140.11.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2055?format=api", "vulnerability_id": "VCID-3cp2-dndc-hqcq", "summary": "Security researcher miaubiz used the Address Sanitizer tool\nto discover a crash in WebGL rendering when memory is freed that has not\npreviously been allocated. This issue only affects Linux users who have Intel\nMesa graphics drivers. The resulting crash could be potentially exploitable.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796", "reference_id": "CVE-2013-0796", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-35", "reference_id": "mfsa2013-35", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-35" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/941?format=api", "purl": "pkg:mozilla/Firefox%20ESR@17.0.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.5" } ], "aliases": [ "CVE-2013-0796" ], "risk_score": null, "exploitability": null, "weighted_severity": null, 
"resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3cp2-dndc-hqcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2105?format=api", "vulnerability_id": "VCID-4gzd-m5g6-rbgm", "summary": "Mozilla community member Ambroz Bizjak reported an\nout-of-bounds array read in the CERT_DecodeCertPackage function of\nthe Network Security Services (NSS) library when decoding a certificate. When\nthis occurs, it will lead to memory corruption and a non-exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791", "reference_id": "CVE-2013-0791", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-40", "reference_id": "mfsa2013-40", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-40" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/941?format=api", "purl": "pkg:mozilla/Firefox%20ESR@17.0.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.5" } ], "aliases": [ "CVE-2013-0791" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4gzd-m5g6-rbgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1987?format=api", "vulnerability_id": "VCID-7vcr-vvxc-dkcb", "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team used the Address Sanitizer tool to discover an out-of-bounds write in Cairo graphics library. 
When certain values are passed to it during rendering, Cairo attempts to use negative boundaries or sizes for boxes, leading to a potentially exploitable crash in some instances.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800", "reference_id": "CVE-2013-0800", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-31", "reference_id": "mfsa2013-31", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-31" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/941?format=api", "purl": "pkg:mozilla/Firefox%20ESR@17.0.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.5" } ], "aliases": [ "CVE-2013-0800" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7vcr-vvxc-dkcb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2029?format=api", "vulnerability_id": "VCID-925j-t5x6-vfbk", "summary": "Security researcher Mariusz Mlynski reported a method to use\nbrowser navigations through history to load an arbitrary website with that\npage's baseURI property pointing to another site instead of the seemingly loaded\none. The user will continue to see the incorrect site in the addressbar of the\nbrowser. 
This allows for a cross-site scripting (XSS) attack or the theft of\ndata through a phishing attack.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0793", "reference_id": "CVE-2013-0793", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0793" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-38", "reference_id": "mfsa2013-38", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-38" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/941?format=api", "purl": "pkg:mozilla/Firefox%20ESR@17.0.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.5" } ], "aliases": [ "CVE-2013-0793" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-925j-t5x6-vfbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2009?format=api", "vulnerability_id": "VCID-gb5q-t5g7-dqgu", "summary": "Security researcher Ash reported an issue with the Mozilla\nUpdater. The Mozilla Updater can be made to load a malicious local DLL file in a\nprivileged context through either the Mozilla Maintenance Service or\nindependently on systems that do not use the service. This occurs when the DLL\nfile is placed in a specific location on the local system before the Mozilla\nUpdater is run. 
Local file system access is necessary in order for this issue to\nbe exploitable.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0797", "reference_id": "CVE-2013-0797", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0797" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-34", "reference_id": "mfsa2013-34", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-34" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/941?format=api", "purl": "pkg:mozilla/Firefox%20ESR@17.0.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.5" } ], "aliases": [ "CVE-2013-0797" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gb5q-t5g7-dqgu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2035?format=api", "vulnerability_id": "VCID-mhk9-euwa-pbfk", "summary": "Security researcher Frédéric Hoguin discovered\nthat the Mozilla Maintenance Service on Windows was vulnerable to a buffer\noverflow. This system is used to update software without invoking the User\nAccount Control (UAC) prompt. The Mozilla Maintenance Service is configured to\nallow unprivileged users to start it with arbitrary arguments. By manipulating\nthe data passed in these arguments, an attacker can execute arbitrary code with\nthe system privileges used by the service. 
This issue requires local file system\naccess to be exploitable.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0799", "reference_id": "CVE-2013-0799", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0799" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-32", "reference_id": "mfsa2013-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-32" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/941?format=api", "purl": "pkg:mozilla/Firefox%20ESR@17.0.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.5" } ], "aliases": [ "CVE-2013-0799" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mhk9-euwa-pbfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2013?format=api", "vulnerability_id": "VCID-mugx-fxdy-syes", "summary": "Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. 
Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code. In general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788", "reference_id": "CVE-2013-0788", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-30", "reference_id": "mfsa2013-30", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-30" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/941?format=api", "purl": "pkg:mozilla/Firefox%20ESR@17.0.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.5" } ], "aliases": [ "CVE-2013-0788" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mugx-fxdy-syes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2086?format=api", "vulnerability_id": "VCID-xrp4-wbrq-xqex", "summary": "Security researcher Cody Crews reported a mechanism to use the cloneNode method to bypass System Only Wrappers (SOW) and clone a protected node. 
This allows violation of the browser's same origin policy and could also lead to privilege escalation and the execution of arbitrary code.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795", "reference_id": "CVE-2013-0795", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-36", "reference_id": "mfsa2013-36", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-36" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/941?format=api", "purl": "pkg:mozilla/Firefox%20ESR@17.0.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.5" } ], "aliases": [ "CVE-2013-0795" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xrp4-wbrq-xqex" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.5" }