Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/956?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/956?format=api", "purl": "pkg:mozilla/Firefox%20ESR@17.0.9", "type": "mozilla", "namespace": "", "name": "Firefox ESR", "version": "17.0.9", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "17.0.10", "latest_non_vulnerable_version": "140.11.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2092?format=api", "vulnerability_id": "VCID-apjg-245v-yfdx", "summary": "Security researcher Sachin Shinde reported that moving\ncertain XBL-backed nodes from a document into the replacement document\ncreated by document.open() can cause a JavaScript\ncompartment mismatch which can often lead to exploitable conditions.\nStarting with Firefox 20 this condition was turned into a run-time\nassertion that would crash the browser in an unexploitable way, and in\nFirefox 24 the underlying cause was fixed.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1730", "reference_id": "CVE-2013-1730", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1730" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-88", "reference_id": "mfsa2013-88", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-88" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/956?format=api", "purl": "pkg:mozilla/Firefox%20ESR@17.0.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.9" } ], 
"aliases": [ "CVE-2013-1730" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-apjg-245v-yfdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2004?format=api", "vulnerability_id": "VCID-d7ny-zzst-u3gy", "summary": "Mozilla developer Boris Zbarsky reported that user-defined\ngetters on DOM proxies would incorrectly get the expando object as this.\nIt is unlikely that this is directly exploitable but could lead to JavaScript\nclient or add-on code making incorrect security sensitive decisions based\non hacker supplied values.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1737", "reference_id": "CVE-2013-1737", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1737" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-91", "reference_id": "mfsa2013-91", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-91" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/956?format=api", "purl": "pkg:mozilla/Firefox%20ESR@17.0.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.9" } ], "aliases": [ "CVE-2013-1737" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d7ny-zzst-u3gy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2056?format=api", "vulnerability_id": "VCID-ewqw-uz7g-8fgz", "summary": 
"Mozilla community member Ms2ger found a mechanism where a\nnew Javascript object with a compartment is uninitialized could be entered\nthrough web content. When the scope for this object is called, it leads to a\npotentially exploitable crash. \nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1725", "reference_id": "CVE-2013-1725", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1725" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-82", "reference_id": "mfsa2013-82", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-82" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/956?format=api", "purl": "pkg:mozilla/Firefox%20ESR@17.0.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.9" } ], "aliases": [ "CVE-2013-1725" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ewqw-uz7g-8fgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2083?format=api", "vulnerability_id": "VCID-q65f-ghsg-kfca", "summary": "Security researcher Seb Patane reported that the Mozilla\nUpdater does not write-lock the MAR update file when it is in use by the\nUpdater. This leaves open the possibility of altering the contents of the MAR\nfile after the signature on the file has been verified as valid but before it\nhas been used. 
This could allow an attacker with access to the local system to\nsilently replace the contents of the update MAR file and either replace the\ninstalled software with their own or extract and run executables files with the\nsame privileges as that of the Mozilla Updater.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1726", "reference_id": "CVE-2013-1726", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1726" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-83", "reference_id": "mfsa2013-83", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-83" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/956?format=api", "purl": "pkg:mozilla/Firefox%20ESR@17.0.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.9" } ], "aliases": [ "CVE-2013-1726" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q65f-ghsg-kfca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2126?format=api", "vulnerability_id": "VCID-qd5t-dg93-dud1", "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team used the Address Sanitizer tool to discover a\nuse-after-free problem in the Animation Manager during the cloning of\nstylesheets. 
This can lead to a potentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1722", "reference_id": "CVE-2013-1722", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1722" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-79", "reference_id": "mfsa2013-79", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-79" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/956?format=api", "purl": "pkg:mozilla/Firefox%20ESR@17.0.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.9" } ], "aliases": [ "CVE-2013-1722" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qd5t-dg93-dud1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2108?format=api", "vulnerability_id": "VCID-ttmr-qbyy-w3cb", "summary": "Security researcher Nils reported two potentially\nexploitable memory corruption bugs involving scrolling. The first was a\nuse-after-free condition due to scrolling an image document. 
The second\nwas due to nodes in a range request being added as children of two\ndifferent parents.\nIn general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1735", "reference_id": "CVE-2013-1735", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1735" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-90", "reference_id": "mfsa2013-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-90" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/956?format=api", "purl": "pkg:mozilla/Firefox%20ESR@17.0.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.9" } ], "aliases": [ "CVE-2013-1735" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ttmr-qbyy-w3cb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2081?format=api", "vulnerability_id": "VCID-ucuh-g6st-sqbq", "summary": "Security researcher Aki Helin reported that combining\nlists, floats, and multiple columns could trigger a potentially\nexploitable buffer overflow.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1732", "reference_id": "CVE-2013-1732", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1732" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-89", "reference_id": "mfsa2013-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-89" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/956?format=api", "purl": "pkg:mozilla/Firefox%20ESR@17.0.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.9" } ], "aliases": [ "CVE-2013-1732" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ucuh-g6st-sqbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2075?format=api", "vulnerability_id": "VCID-v6ds-zvhm-wkf5", "summary": "Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. 
Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.\nIn general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1718", "reference_id": "CVE-2013-1718", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1718" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-76", "reference_id": "mfsa2013-76", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-76" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/956?format=api", "purl": "pkg:mozilla/Firefox%20ESR@17.0.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.9" } ], "aliases": [ "CVE-2013-1718" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v6ds-zvhm-wkf5" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.9" }