Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/94469?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/94469?format=api", "purl": "pkg:deb/debian/firefox@1.5.dfsg%2B1.5.0.1-1?distro=sid", "type": "deb", "namespace": "debian", "name": "firefox", "version": "1.5.dfsg+1.5.0.1-1", "qualifiers": { "distro": "sid" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.5.dfsg+1.5.0.2", "latest_non_vulnerable_version": "151.0.3-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2562?format=api", "vulnerability_id": "VCID-1r4s-89nj-wbb6", "summary": "Calling the QueryInterface method of the built-in\nLocation and Navigator objects causes memory corruption\nthat might be exploitable to run arbitrary code.This flaw appears to have been introduced during development\nof Firefox 1.5/SeaMonkey 1.0 -- Firefox 1.0 and the older\nMozilla Suite 1.7 do not appear to be vulnerable.Thunderbird 1.5 could be vulnerable if JavaScript is\nenabled in mail. This is not the default setting and we strongly\ndiscourage users from turning on JavaScript in mail. Thunderbird\nis not vulnerable in its default configuration.Update (7 February 2006)\nH D Moore of the Metasploit Project published a working exploit on milw0rm\nfor the Linux and Mac OS X versions of Firefox 1.5. Severity upgraded\nto critical.Update (13 April 2006)\nThis flaw has been fixed in Thunderbird 1.5.0.2", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-0295", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.83409", "scoring_system": "epss", "scoring_elements": "0.99292", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.83409", "scoring_system": "epss", "scoring_elements": "0.99293", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-0295" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=351442", "reference_id": "351442", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=351442" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0295", "reference_id": "CVE-2006-0295", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0295" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/osx/remote/1480.pm", "reference_id": "CVE-2006-0295", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/osx/remote/1480.pm" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/16301.rb", "reference_id": "CVE-2006-0295;OSVDB-22893", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/16301.rb" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-04", "reference_id": "mfsa2006-04", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-04" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/1474.pm", "reference_id": "OSVDB-22893;CVE-2006-0295", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/1474.pm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/94469?format=api", "purl": "pkg:deb/debian/firefox@1.5.dfsg%2B1.5.0.1-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@1.5.dfsg%252B1.5.0.1-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/94464?format=api", "purl": "pkg:deb/debian/firefox@151.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2006-0295" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1r4s-89nj-wbb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2539?format=api", "vulnerability_id": "VCID-2sdu-6918-myba", "summary": "Garbage collection hazards have been found in the JavaScript\nengine where some routines used temporary variables\nthat were not properly protected (rooted). Specially crafted objects\ncould contain a user-defined method that would be called during\nthe lifetime of these temporaries. If this method triggered\ngarbage collection the engine would operate on the unexpectedly freed\ntemporary object when it returned from the user-defined routine.The risk appears remote, but this type of memory corruption could\npotentially be used by an attacker to run arbitrary code.CVE-2006-0293 was introduced during Firefox 1.5 development and does not\naffect Firefox 1.0. CVE-2006-0292 affects all versions of Firefox.Thunderbird shares the JavaScript engine with Firefox\nand could be vulnerable if JavaScript is enabled in mail. This is not\nthe default setting; we strongly discourage users from running\nJavaScript in mail.Update (13 April 2006)\nThis flaw has been fixed in Thunderbird 1.5.0.2Updated versions of Firefox 1.0, Thunderbird 1.0, and the Mozilla Suite 1.7\nhave been released containing this fix.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-0293", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0377", "scoring_system": "epss", "scoring_elements": "0.88255", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0377", "scoring_system": "epss", "scoring_elements": "0.88274", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0377", "scoring_system": "epss", "scoring_elements": "0.88276", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0377", "scoring_system": "epss", "scoring_elements": "0.88275", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-0293" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=351442", "reference_id": "351442", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=351442" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0293", "reference_id": "CVE-2006-0293", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0293" }, { "reference_url": "https://security.gentoo.org/glsa/200604-18", "reference_id": "GLSA-200604-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200604-18" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-01", "reference_id": "mfsa2006-01", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/94469?format=api", "purl": "pkg:deb/debian/firefox@1.5.dfsg%2B1.5.0.1-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@1.5.dfsg%252B1.5.0.1-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/94464?format=api", "purl": "pkg:deb/debian/firefox@151.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2006-0293" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2sdu-6918-myba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2518?format=api", "vulnerability_id": "VCID-39xf-nz9j-13eq", "summary": "Georgi Guninski reports integer overflows in the new\nE4X, SVG, and Canvas features. These lead to memory corruption that\nis potentially exploitable to run arbitrary code.These flaws were introduced during Firefox 1.5 and SeaMonkey 1.0\ndevelopment and do not affect Firefox 1.0 or the Mozilla Suite 1.7Thunderbird 1.5 could be vulnerable if JavaScript is\nenabled in mail. This is not the default setting and we strongly\ndiscourage users from turning on JavaScript in mail. Thunderbird\nis not vulnerable in its default configuration.Update (13 April 2006)\nThis flaw has been fixed in Thunderbird 1.5.0.2", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-0297", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06794", "scoring_system": "epss", "scoring_elements": "0.91479", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06794", "scoring_system": "epss", "scoring_elements": "0.91492", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.06794", "scoring_system": "epss", "scoring_elements": "0.91494", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.06794", "scoring_system": "epss", "scoring_elements": "0.91491", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.06794", "scoring_system": "epss", "scoring_elements": "0.91488", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-0297" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=351442", "reference_id": "351442", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=351442" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0297", "reference_id": "CVE-2006-0297", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0297" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-06", "reference_id": "mfsa2006-06", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-06" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/94469?format=api", "purl": "pkg:deb/debian/firefox@1.5.dfsg%2B1.5.0.1-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@1.5.dfsg%252B1.5.0.1-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/94464?format=api", "purl": "pkg:deb/debian/firefox@151.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2006-0297" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-39xf-nz9j-13eq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2576?format=api", "vulnerability_id": "VCID-5yzz-uf75-2kg3", "summary": "The implementation of E4X introduced an internal \"AnyName\" object which\nwas unintentionally exposed to web content. This singleton object could\nbe used by two cooperating domains as a communication channel to get\naround same-origin restrictions that prevent direct access from one\nwindow or frame to another. This could not be used to violate\nsame-origin protection of another window's content, it was simply a\nmutually accessible storage spot. E4X was not supported in Firefox 1.0\nor Mozilla 1.7Thunderbird 1.5 could be vulnerable if JavaScript is\nenabled in mail. This is not the default setting and we strongly\ndiscourage users from turning on JavaScript in mail. Thunderbird\nis not vulnerable in its default configuration.Update (13 April 2006)\nThis flaw has been fixed in Thunderbird 1.5.0.2", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-0299", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01447", "scoring_system": "epss", "scoring_elements": "0.81097", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01447", "scoring_system": "epss", "scoring_elements": "0.81126", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01447", "scoring_system": "epss", "scoring_elements": "0.81129", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01447", "scoring_system": "epss", "scoring_elements": "0.81121", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-0299" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=351442", "reference_id": "351442", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=351442" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0299", "reference_id": "CVE-2006-0299", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0299" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-08", "reference_id": "mfsa2006-08", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-08" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/94469?format=api", "purl": "pkg:deb/debian/firefox@1.5.dfsg%2B1.5.0.1-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@1.5.dfsg%252B1.5.0.1-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/94464?format=api", "purl": "pkg:deb/debian/firefox@151.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2006-0299" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5yzz-uf75-2kg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2540?format=api", "vulnerability_id": "VCID-8237-am6q-tfes", "summary": "Garbage collection hazards have been found in the JavaScript\nengine where some routines used temporary variables\nthat were not properly protected (rooted). Specially crafted objects\ncould contain a user-defined method that would be called during\nthe lifetime of these temporaries. If this method triggered\ngarbage collection the engine would operate on the unexpectedly freed\ntemporary object when it returned from the user-defined routine.The risk appears remote, but this type of memory corruption could\npotentially be used by an attacker to run arbitrary code.CVE-2006-0293 was introduced during Firefox 1.5 development and does not\naffect Firefox 1.0. CVE-2006-0292 affects all versions of Firefox.Thunderbird shares the JavaScript engine with Firefox\nand could be vulnerable if JavaScript is enabled in mail. This is not\nthe default setting; we strongly discourage users from running\nJavaScript in mail.Update (13 April 2006)\nThis flaw has been fixed in Thunderbird 1.5.0.2Updated versions of Firefox 1.0, Thunderbird 1.0, and the Mozilla Suite 1.7\nhave been released containing this fix.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-0292.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-0292.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-0292", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07106", "scoring_system": "epss", "scoring_elements": "0.91682", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07106", "scoring_system": "epss", "scoring_elements": "0.91694", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.07106", "scoring_system": "epss", "scoring_elements": "0.91697", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.07106", "scoring_system": "epss", "scoring_elements": "0.91693", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.07106", "scoring_system": "epss", "scoring_elements": "0.91691", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-0292" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617879", "reference_id": "1617879", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617879" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=351442", "reference_id": "351442", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=351442" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292", "reference_id": "CVE-2006-0292", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292" }, { "reference_url": "https://security.gentoo.org/glsa/200604-12", "reference_id": "GLSA-200604-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200604-12" }, { "reference_url": "https://security.gentoo.org/glsa/200604-18", "reference_id": "GLSA-200604-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200604-18" }, { "reference_url": "https://security.gentoo.org/glsa/200605-09", "reference_id": "GLSA-200605-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200605-09" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-01", "reference_id": "mfsa2006-01", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0200", "reference_id": "RHSA-2006:0200", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0200" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0330", "reference_id": "RHSA-2006:0330", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0330" }, { "reference_url": "https://usn.ubuntu.com/271-1/", "reference_id": "USN-271-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/271-1/" }, { "reference_url": "https://usn.ubuntu.com/275-1/", "reference_id": "USN-275-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/275-1/" }, { "reference_url": "https://usn.ubuntu.com/276-1/", "reference_id": "USN-276-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/276-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/94469?format=api", "purl": "pkg:deb/debian/firefox@1.5.dfsg%2B1.5.0.1-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@1.5.dfsg%252B1.5.0.1-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/94464?format=api", "purl": "pkg:deb/debian/firefox@151.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2006-0292" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8237-am6q-tfes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2504?format=api", "vulnerability_id": "VCID-cux9-7xfe-hygq", "summary": "XULDocument.persist() did not validate the attribute name,\nallowing an attacker to inject XML into localstore.rdf that would\nbe read and acted upon at startup. This could include JavaScript\ncommands that would be run with the permissions of the browser.Thunderbird could be vulnerable if JavaScript is\nenabled. This is not the default setting and we strongly\ndiscourage users from turning on JavaScript in mail. Thunderbird\nis not vulnerable in its default configuration.Update (13 April 2006)\nThis flaw has been fixed in Thunderbird 1.5.0.2Updated versions of Firefox 1.0, Thunderbird 1.0, and the Mozilla Suite 1.7\nhave been released containing this fix.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-0296.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-0296.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-0296", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.41202", "scoring_system": "epss", "scoring_elements": "0.97469", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.41202", "scoring_system": "epss", "scoring_elements": "0.97475", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.41202", "scoring_system": "epss", "scoring_elements": "0.97476", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-0296" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617880", "reference_id": "1617880", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617880" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=351442", "reference_id": "351442", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=351442" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296", "reference_id": "CVE-2006-0296", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296" }, { "reference_url": "https://security.gentoo.org/glsa/200604-12", "reference_id": "GLSA-200604-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200604-12" }, { "reference_url": "https://security.gentoo.org/glsa/200604-18", "reference_id": "GLSA-200604-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200604-18" }, { "reference_url": "https://security.gentoo.org/glsa/200605-09", "reference_id": "GLSA-200605-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200605-09" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-05", "reference_id": "mfsa2006-05", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0200", "reference_id": "RHSA-2006:0200", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0200" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0330", "reference_id": "RHSA-2006:0330", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0330" }, { "reference_url": "https://usn.ubuntu.com/271-1/", "reference_id": "USN-271-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/271-1/" }, { "reference_url": "https://usn.ubuntu.com/275-1/", "reference_id": "USN-275-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/275-1/" }, { "reference_url": "https://usn.ubuntu.com/276-1/", "reference_id": "USN-276-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/276-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/94469?format=api", "purl": "pkg:deb/debian/firefox@1.5.dfsg%2B1.5.0.1-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@1.5.dfsg%252B1.5.0.1-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/94464?format=api", "purl": "pkg:deb/debian/firefox@151.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2006-0296" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cux9-7xfe-hygq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2548?format=api", "vulnerability_id": "VCID-dbs5-bx31-g7cn", "summary": "An upgrade in the XML parser introduced a bug that could read\nbeyond the end of the buffer, often causing a crash. We don't know if\nthis could be exploited to incorporate private data into the DOM of an\nXML document, but could be a privacy risk if so. Firefox 1.0, Thunderbird 1.0\nand Mozilla Suite 1.7 are not affected.Update (13 April 2006)\nThis flaw has been fixed in Thunderbird 1.5.0.2", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-0298", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04351", "scoring_system": "epss", "scoring_elements": "0.89124", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04351", "scoring_system": "epss", "scoring_elements": "0.8914", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.04351", "scoring_system": "epss", "scoring_elements": "0.89141", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-0298" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=351442", "reference_id": "351442", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=351442" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0298", "reference_id": "CVE-2006-0298", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0298" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-07", "reference_id": "mfsa2006-07", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-07" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/94469?format=api", "purl": "pkg:deb/debian/firefox@1.5.dfsg%2B1.5.0.1-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@1.5.dfsg%252B1.5.0.1-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/94464?format=api", "purl": "pkg:deb/debian/firefox@151.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2006-0298" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dbs5-bx31-g7cn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2585?format=api", "vulnerability_id": "VCID-jeys-twxs-u3e3", "summary": "Dynamically changing the style of an element from position:relative\nto position:static can cause Gecko to operate on freed memory.\nIt may be possible to exploit this in order to run arbitrary\ncode.This flaw was introduced during Firefox 1.5 and SeaMonkey 1.0\ndevelopment and does not affect Firefox 1.0 or the Mozilla Suite 1.7Thunderbird 1.5 could be vulnerable if JavaScript is\nenabled in mail. This is not the default setting and we strongly\ndiscourage users from turning on JavaScript in mail. Thunderbird\nis not vulnerable in its default configuration.Update (13 April 2006)\nThis flaw has been fixed in Thunderbird 1.5.0.2", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-0294", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0598", "scoring_system": "epss", "scoring_elements": "0.90831", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0598", "scoring_system": "epss", "scoring_elements": "0.90845", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0598", "scoring_system": "epss", "scoring_elements": "0.90842", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0598", "scoring_system": "epss", "scoring_elements": "0.90841", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-0294" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=351442", "reference_id": "351442", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=351442" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0294", "reference_id": "CVE-2006-0294", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0294" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-02", "reference_id": "mfsa2006-02", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/94469?format=api", "purl": "pkg:deb/debian/firefox@1.5.dfsg%2B1.5.0.1-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@1.5.dfsg%252B1.5.0.1-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/94464?format=api", "purl": "pkg:deb/debian/firefox@151.0.3-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid" } ], "aliases": [ "CVE-2006-0294" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jeys-twxs-u3e3" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@1.5.dfsg%252B1.5.0.1-1%3Fdistro=sid" }