Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/957?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/957?format=api", "purl": "pkg:mozilla/Thunderbird@24.0.0", "type": "mozilla", "namespace": "", "name": "Thunderbird", "version": "24.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "24.1.0", "latest_non_vulnerable_version": "151.0.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2111?format=api", "vulnerability_id": "VCID-2g95-3xnp-3yfx", "summary": "Mozilla developer Masayuki Nakano discovered that the\nNativeKey widget continues handling key messages even when it is\ndestroyed by dispatched event listeners. This could result in some key events\nbeing applied to other objects or plugins if the widget memory is reallocated to\nthem, leading to a non-exploitable crash. \nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1723", "reference_id": "CVE-2013-1723", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1723" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-80", "reference_id": "mfsa2013-80", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-80" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/957?format=api", "purl": "pkg:mozilla/Thunderbird@24.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.0.0" } ], "aliases": [ "CVE-2013-1723" ], "risk_score": null, "exploitability": null, "weighted_severity": null, 
"resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2g95-3xnp-3yfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2039?format=api", "vulnerability_id": "VCID-51qc-uzef-xkbu", "summary": "Software developer Dan Gohman of Google reported uninitialized data and variables in the IonMonkey Javascript engine when running the engine in Valgrind mode. This could be combined with additional exploits to allow the reading and use of previously allocated memory in some circumstances.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1728", "reference_id": "CVE-2013-1728", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1728" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-85", "reference_id": "mfsa2013-85", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-85" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/957?format=api", "purl": "pkg:mozilla/Thunderbird@24.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.0.0" } ], "aliases": [ "CVE-2013-1728" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-51qc-uzef-xkbu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2092?format=api", "vulnerability_id": "VCID-apjg-245v-yfdx", "summary": "Security researcher Sachin Shinde reported that moving\ncertain XBL-backed nodes from a document into the replacement document\ncreated by document.open() can cause a JavaScript\ncompartment mismatch which can often lead to exploitable conditions.\nStarting with Firefox 20 this condition was turned into a 
run-time\nassertion that would crash the browser in an unexploitable way, and in\nFirefox 24 the underlying cause was fixed.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1730", "reference_id": "CVE-2013-1730", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1730" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-88", "reference_id": "mfsa2013-88", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-88" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/957?format=api", "purl": "pkg:mozilla/Thunderbird@24.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.0.0" } ], "aliases": [ "CVE-2013-1730" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-apjg-245v-yfdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2004?format=api", "vulnerability_id": "VCID-d7ny-zzst-u3gy", "summary": "Mozilla developer Boris Zbarsky reported that user-defined\ngetters on DOM proxies would incorrectly get the expando object as this.\nIt is unlikely that this is directly exploitable but could lead to JavaScript\nclient or add-on code making incorrect security sensitive decisions based\non hacker supplied values.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1737", "reference_id": "CVE-2013-1737", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1737" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-91", "reference_id": "mfsa2013-91", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-91" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/957?format=api", "purl": "pkg:mozilla/Thunderbird@24.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.0.0" } ], "aliases": [ "CVE-2013-1737" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d7ny-zzst-u3gy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2056?format=api", "vulnerability_id": "VCID-ewqw-uz7g-8fgz", "summary": "Mozilla community member Ms2ger found a mechanism where a\nnew Javascript object with a compartment is uninitialized could be entered\nthrough web content. When the scope for this object is called, it leads to a\npotentially exploitable crash. 
\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1725", "reference_id": "CVE-2013-1725", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1725" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-82", "reference_id": "mfsa2013-82", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-82" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/957?format=api", "purl": "pkg:mozilla/Thunderbird@24.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.0.0" } ], "aliases": [ "CVE-2013-1725" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ewqw-uz7g-8fgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2023?format=api", "vulnerability_id": "VCID-g3pt-ezmz-1ydj", "summary": "Security researcher Scott Bell used the Address Sanitizer\ntool to discover a use-after-free when using a <select>\nelement in a form after it has been destroyed. 
This could lead to a potentially\nexploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1724", "reference_id": "CVE-2013-1724", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1724" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-81", "reference_id": "mfsa2013-81", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-81" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/957?format=api", "purl": "pkg:mozilla/Thunderbird@24.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.0.0" } ], "aliases": [ "CVE-2013-1724" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g3pt-ezmz-1ydj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2083?format=api", "vulnerability_id": "VCID-q65f-ghsg-kfca", "summary": "Security researcher Seb Patane reported that the Mozilla\nUpdater does not write-lock the MAR update file when it is in use by the\nUpdater. This leaves open the possibility of altering the contents of the MAR\nfile after the signature on the file has been verified as valid but before it\nhas been used. 
This could allow an attacker with access to the local system to\nsilently replace the contents of the update MAR file and either replace the\ninstalled software with their own or extract and run executable files with the\nsame privileges as that of the Mozilla Updater.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1726", "reference_id": "CVE-2013-1726", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1726" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-83", "reference_id": "mfsa2013-83", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-83" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/957?format=api", "purl": "pkg:mozilla/Thunderbird@24.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.0.0" } ], "aliases": [ "CVE-2013-1726" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q65f-ghsg-kfca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2085?format=api", "vulnerability_id": "VCID-q8w2-5e92-yfd9", "summary": "Security researcher Nils reported a potentially exploitable\nuse-after-free in an early test version of Firefox 25. 
Mozilla developer\nBobby Holley found that the cause was an older garbage collection\nbug that a more recent change made easier to trigger.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1738", "reference_id": "CVE-2013-1738", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1738" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-92", "reference_id": "mfsa2013-92", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-92" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/957?format=api", "purl": "pkg:mozilla/Thunderbird@24.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.0.0" } ], "aliases": [ "CVE-2013-1738" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q8w2-5e92-yfd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2126?format=api", "vulnerability_id": "VCID-qd5t-dg93-dud1", "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team used the Address Sanitizer tool to discover a\nuse-after-free problem in the Animation Manager during the cloning of\nstylesheets. 
This can lead to a potentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1722", "reference_id": "CVE-2013-1722", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1722" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-79", "reference_id": "mfsa2013-79", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-79" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/957?format=api", "purl": "pkg:mozilla/Thunderbird@24.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.0.0" } ], "aliases": [ "CVE-2013-1722" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qd5t-dg93-dud1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2008?format=api", "vulnerability_id": "VCID-ruh2-chz1-h3cv", "summary": "Using the Address Sanitizer tool, security researcher Atte\nKettunen from OUSPG found that the HTML5 Tree Builder does not properly\nstore state when interacting with template elements. Because some\nstack information is incorrectly stored, the template insertion mode stack can\nbe used when it is empty. 
This could possibly lead to code execution in some\ncircumstances.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1720", "reference_id": "CVE-2013-1720", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1720" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-77", "reference_id": "mfsa2013-77", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-77" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/957?format=api", "purl": "pkg:mozilla/Thunderbird@24.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.0.0" } ], "aliases": [ "CVE-2013-1720" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ruh2-chz1-h3cv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2108?format=api", "vulnerability_id": "VCID-ttmr-qbyy-w3cb", "summary": "Security researcher Nils reported two potentially\nexploitable memory corruption bugs involving scrolling. The first was a\nuse-after-free condition due to scrolling an image document. 
The second\nwas due to nodes in a range request being added as children of two\ndifferent parents.\nIn general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1735", "reference_id": "CVE-2013-1735", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1735" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-90", "reference_id": "mfsa2013-90", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-90" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/957?format=api", "purl": "pkg:mozilla/Thunderbird@24.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.0.0" } ], "aliases": [ "CVE-2013-1735" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ttmr-qbyy-w3cb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2081?format=api", "vulnerability_id": "VCID-ucuh-g6st-sqbq", "summary": "Security researcher Aki Helin reported that combining\nlists, floats, and multiple columns could trigger a potentially\nexploitable buffer overflow.\nIn general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1732", "reference_id": "CVE-2013-1732", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1732" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-89", "reference_id": "mfsa2013-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-89" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/957?format=api", "purl": "pkg:mozilla/Thunderbird@24.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.0.0" } ], "aliases": [ "CVE-2013-1732" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ucuh-g6st-sqbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2075?format=api", "vulnerability_id": "VCID-v6ds-zvhm-wkf5", "summary": "Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. 
Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.\nIn general these flaws cannot be exploited through email in the\nThunderbird product because scripting is disabled, but are potentially a risk in\nbrowser or browser-like contexts.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1718", "reference_id": "CVE-2013-1718", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1718" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-76", "reference_id": "mfsa2013-76", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-76" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/957?format=api", "purl": "pkg:mozilla/Thunderbird@24.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.0.0" } ], "aliases": [ "CVE-2013-1718" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v6ds-zvhm-wkf5" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.0.0" }