Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/952?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/952?format=api", "purl": "pkg:mozilla/Thunderbird@17.0.7", "type": "mozilla", "namespace": "", "name": "Thunderbird", "version": "17.0.7", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "17.0.8", "latest_non_vulnerable_version": "151.0.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1990?format=api", "vulnerability_id": "VCID-3ekz-3akk-63er", "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team used the Address Sanitizer tool to discover a series of\nuse-after-free problems rated critical as security issues in shipped software.\nSome of these issues are potentially exploitable, allowing for remote code\nexecution. We would also like to thank Abhishek for reporting additional\nuse-after-free and buffer overflow flaws in code introduced during Firefox\ndevelopment. These were fixed before general release.In general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1684", "reference_id": "CVE-2013-1684", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1684" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-50", "reference_id": "mfsa2013-50", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-50" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/952?format=api", "purl": "pkg:mozilla/Thunderbird@17.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@17.0.7" } ], "aliases": [ "CVE-2013-1684" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ekz-3akk-63er" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2107?format=api", "vulnerability_id": "VCID-848r-yzgr-gqhs", "summary": "Security researcher Johnathan Kuskos reported that Firefox\nis sending data in the body of XMLHttpRequest (XHR) HEAD requests, which goes\nagainst the XHR specification. This can potentially be used for Cross-Site\nRequest Forgery (CSRF) attacks against sites which do not distinguish\nbetween HEAD and POST requests.In general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1692", "reference_id": "CVE-2013-1692", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1692" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-54", "reference_id": "mfsa2013-54", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-54" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/952?format=api", "purl": "pkg:mozilla/Thunderbird@17.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@17.0.7" } ], "aliases": [ "CVE-2013-1692" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-848r-yzgr-gqhs" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/2006?format=api", "vulnerability_id": "VCID-93bk-58d7-qfdf", "summary": "Mozilla developer Boris Zbarsky found that when\nPreserveWrapper was used in cases where a wrapper is not set, the\npreserved-wrapper flag on the wrapper cache is cleared. This could\npotentially lead to an exploitable crash.In general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1694", "reference_id": "CVE-2013-1694", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1694" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-56", "reference_id": "mfsa2013-56", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-56" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/952?format=api", "purl": "pkg:mozilla/Thunderbird@17.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@17.0.7" } ], "aliases": [ "CVE-2013-1694" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-93bk-58d7-qfdf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2011?format=api", "vulnerability_id": "VCID-cvzy-dfhj-nkcy", "summary": "Mozilla security researcher moz_bug_r_a4 reported that\nXrayWrappers can be bypassed to call content-defined toString and valueOf methods through DefaultValue. 
This can lead to unexpected behavior when privileged code acts on the incorrect values. In general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1697", "reference_id": "CVE-2013-1697", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1697" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-59", "reference_id": "mfsa2013-59", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-59" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/952?format=api", "purl": "pkg:mozilla/Thunderbird@17.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@17.0.7" } ], "aliases": [ "CVE-2013-1697" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cvzy-dfhj-nkcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2050?format=api", "vulnerability_id": "VCID-jgqx-8ras-4bgn", "summary": "Security researcher Paul Stone of Context Information Security discovered\nthat timing differences in the processing of SVG format images with filters\ncould allow for pixel values to be read. 
This could potentially allow for text\nvalues to be read across domains, leading to information disclosure. In general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1693", "reference_id": "CVE-2013-1693", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1693" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-55", "reference_id": "mfsa2013-55", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-55" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/952?format=api", "purl": "pkg:mozilla/Thunderbird@17.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@17.0.7" } ], "aliases": [ "CVE-2013-1693" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jgqx-8ras-4bgn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1995?format=api", "vulnerability_id": "VCID-q1jy-unjg-uffh", "summary": "Security researcher Nils reported that specially crafted web\ncontent using the onreadystatechange event and reloading of pages\ncould sometimes cause a crash when unmapped memory is executed. 
This crash is\npotentially exploitable. In general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1690", "reference_id": "CVE-2013-1690", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1690" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-53", "reference_id": "mfsa2013-53", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-53" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/952?format=api", "purl": "pkg:mozilla/Thunderbird@17.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@17.0.7" } ], "aliases": [ "CVE-2013-1690" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q1jy-unjg-uffh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1993?format=api", "vulnerability_id": "VCID-utce-na5h-5kdn", "summary": "Security researcher Mariusz Mlynski reported that it is\npossible to compile a user-defined function in the XBL scope of a specific\nelement and then trigger an event within this scope to run code. In some\ncircumstances, when this code is run, it can access content protected by System\nOnly Wrappers (SOW) and chrome-privileged pages. This could potentially lead to\narbitrary code execution. 
Additionally, Chrome Object Wrappers (COW) can be\nbypassed by web content to access privileged methods, leading to a cross-site\nscripting (XSS) attack from privileged pages. In general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1687", "reference_id": "CVE-2013-1687", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1687" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-51", "reference_id": "mfsa2013-51", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-51" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/952?format=api", "purl": "pkg:mozilla/Thunderbird@17.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@17.0.7" } ], "aliases": [ "CVE-2013-1687" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-utce-na5h-5kdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2036?format=api", "vulnerability_id": "VCID-uvdw-u8g4-6kgp", "summary": "Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. 
Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code. In general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1682", "reference_id": "CVE-2013-1682", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1682" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-49", "reference_id": "mfsa2013-49", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-49" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/952?format=api", "purl": "pkg:mozilla/Thunderbird@17.0.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@17.0.7" } ], "aliases": [ "CVE-2013-1682" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uvdw-u8g4-6kgp" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@17.0.7" }