Look up vulnerable packages by Package URL.

GET /api/packages/948?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/948?format=api",
    "purl": "pkg:mozilla/Thunderbird@17.0.8",
    "type": "mozilla",
    "namespace": "",
    "name": "Thunderbird",
    "version": "17.0.8",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": false,
    "next_non_vulnerable_version": "23.0.0",
    "latest_non_vulnerable_version": "151.0.0",
    "affected_by_vulnerabilities": [],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1989?format=api",
            "vulnerability_id": "VCID-143m-7g97-97h1",
            "summary": "Mozilla security researcher moz_bug_r_a4 reported that\nthrough an interaction of frames and browser history it was possible to make the\nbrowser believe attacker-supplied content came from the location of a previous\npage in browser history. This allows for cross-site scripting (XSS) attacks by\nloading scripts from a misrepresented malicious site through relative locations\nand the potential access of stored credentials of a spoofed site.In general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1709",
                    "reference_id": "CVE-2013-1709",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1709"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-68",
                    "reference_id": "mfsa2013-68",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-68"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/948?format=api",
                    "purl": "pkg:mozilla/Thunderbird@17.0.8",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@17.0.8"
                }
            ],
            "aliases": [
                "CVE-2013-1709"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-143m-7g97-97h1"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2089?format=api",
            "vulnerability_id": "VCID-37vd-fc2a-hkek",
            "summary": "Mozilla community member Federico Lanusse reported a\nmechanism where a web worker can violate same-origin policy and bypass\ncross-origin checks through XMLHttpRequest. This could allow for cross-site\nscripting (XSS) attacks by web workers.\nIn general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1714",
                    "reference_id": "CVE-2013-1714",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1714"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-73",
                    "reference_id": "mfsa2013-73",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-73"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/948?format=api",
                    "purl": "pkg:mozilla/Thunderbird@17.0.8",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@17.0.8"
                }
            ],
            "aliases": [
                "CVE-2013-1714"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-37vd-fc2a-hkek"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2117?format=api",
            "vulnerability_id": "VCID-7fny-zs49-dkha",
            "summary": "Security researcher Cody Crews reported that some Javascript\ncomponents will perform checks against the wrong uniform resource identifier\n(URI) before performing security sensitive actions. This will return an\nincorrect location for the originator of the call. This could be used to bypass\nsame-origin policy, allowing for cross-site scripting (XSS) or the installation\nof malicious add-ons from third-party pages.In general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1713",
                    "reference_id": "CVE-2013-1713",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1713"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-72",
                    "reference_id": "mfsa2013-72",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-72"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/948?format=api",
                    "purl": "pkg:mozilla/Thunderbird@17.0.8",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@17.0.8"
                }
            ],
            "aliases": [
                "CVE-2013-1713"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7fny-zs49-dkha"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2114?format=api",
            "vulnerability_id": "VCID-g386-717y-eqea",
            "summary": "Security researcher Seb Patane reported stack buffer\noverflows in both the Maintenance Service and the Mozilla Updater when\nunexpectedly long paths were encountered. A local attacker could pass these as\ncommand-line arguments to the Maintenance Service to crash either program and\npotentially lead to arbitrary code being run with the Administrator privileges\nused by the Maintenance Service and inherited by the Updater.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1706",
                    "reference_id": "CVE-2013-1706",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1706"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-66",
                    "reference_id": "mfsa2013-66",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-66"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/948?format=api",
                    "purl": "pkg:mozilla/Thunderbird@17.0.8",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@17.0.8"
                }
            ],
            "aliases": [
                "CVE-2013-1706"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g386-717y-eqea"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2032?format=api",
            "vulnerability_id": "VCID-hqar-k2zd-kbbu",
            "summary": "Mozilla security researcher moz_bug_r_a4 reported a\nmechanism to execute arbitrary code or a cross-site scripting (XSS) attack when\nCertificate Request Message Format (CRMF) request is generated in certain\ncircumstances. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1710",
                    "reference_id": "CVE-2013-1710",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1710"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-69",
                    "reference_id": "mfsa2013-69",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-69"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/948?format=api",
                    "purl": "pkg:mozilla/Thunderbird@17.0.8",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@17.0.8"
                }
            ],
            "aliases": [
                "CVE-2013-1710"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hqar-k2zd-kbbu"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2028?format=api",
            "vulnerability_id": "VCID-ja9q-q2wp-4khu",
            "summary": "Security researcher Ash reported an issue with the Mozilla\nUpdater on Windows 7 and later versions of Windows. On vulnerable platforms, the\nMozilla Updater can be made to load a specific malicious DLL file from the local\nsystem. This DLL file can run in a privileged context through the Mozilla\nMaintenance Service's privileges, allowing for local privilege escalation. The\nDLL file can also run in an unprivileged context if the Mozilla Updater is run\ndirectly by a user in the same directory as the file. Local file system access\nis necessary in order for this issue to be exploitable.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1712",
                    "reference_id": "CVE-2013-1712",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1712"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-71",
                    "reference_id": "mfsa2013-71",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-71"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/948?format=api",
                    "purl": "pkg:mozilla/Thunderbird@17.0.8",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@17.0.8"
                }
            ],
            "aliases": [
                "CVE-2013-1712"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ja9q-q2wp-4khu"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2130?format=api",
            "vulnerability_id": "VCID-yb2d-8jve-qkc5",
            "summary": "Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1701",
                    "reference_id": "CVE-2013-1701",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1701"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-63",
                    "reference_id": "mfsa2013-63",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-63"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/948?format=api",
                    "purl": "pkg:mozilla/Thunderbird@17.0.8",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@17.0.8"
                }
            ],
            "aliases": [
                "CVE-2013-1701"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yb2d-8jve-qkc5"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2091?format=api",
            "vulnerability_id": "VCID-ze84-c592-s7ef",
            "summary": "Security researcher Georgi Guninski reported an issue with\nJava applets where in some circumstances the applet could access files on the\nlocal system when loaded using the a file:/// URI and violate file\norigin policy due to interaction with the codebase parameter. This\naffects applets running on the local file system. Mozilla developer John\nSchoenick later discovered that fixes for this issue were inadequate\nand allowed the invocation of Java applets to bypass security checks in\nadditional circumstances. This could lead to untrusted Java applets having\nread-only access on the local files system if used in conjunction with a method\nto download a file to a known or guessable path.In general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a risk in\nbrowser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1717",
                    "reference_id": "CVE-2013-1717",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1717"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-75",
                    "reference_id": "mfsa2013-75",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-75"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/948?format=api",
                    "purl": "pkg:mozilla/Thunderbird@17.0.8",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@17.0.8"
                }
            ],
            "aliases": [
                "CVE-2013-1717"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ze84-c592-s7ef"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@17.0.8"
}