Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/972?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/972?format=api", "purl": "pkg:mozilla/Firefox@3.6.7", "type": "mozilla", "namespace": "", "name": "Firefox", "version": "3.6.7", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3.6.8", "latest_non_vulnerable_version": "151.0.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2197?format=api", "vulnerability_id": "VCID-23de-qepf-7fa8", "summary": "Security researcher Soroush Dalili reported that\npotentially sensitive URL parameters could be leaked across domains\nupon script errors when the script filename and line number is\nincluded in the error message.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2754", "reference_id": "CVE-2010-2754", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2754" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-47", "reference_id": "mfsa2010-47", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-47" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/973?format=api", "purl": "pkg:mozilla/Firefox@3.5.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/972?format=api", "purl": "pkg:mozilla/Firefox@3.6.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.7" } ], "aliases": [ "CVE-2010-2754" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-23de-qepf-7fa8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2134?format=api", "vulnerability_id": "VCID-54xd-e1tz-myck", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat when content script which is running in a chrome context accesses\na content object via SJOW, the content code can gain access to an\nobject from the chrome scope and use that object to run arbitrary\nJavaScript with chrome privileges. Firefox 3.5 and other Mozilla products built from\nGecko 1.9.1 were not affected by this issue.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1215", "reference_id": "CVE-2010-1215", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1215" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-38", "reference_id": "mfsa2010-38", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-38" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/972?format=api", "purl": "pkg:mozilla/Firefox@3.6.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.7" } ], "aliases": [ "CVE-2010-1215" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-54xd-e1tz-myck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2220?format=api", "vulnerability_id": "VCID-5bux-q44x-mfak", "summary": "Security researcher J23 reported via\nTippingPoint's Zero Day Initiative that an array class used to store\nCSS values contained an integer overflow vulnerability. 
The 16 bit\ninteger value used in allocating the size of the array could overflow,\nresulting in too small a memory buffer being created. When the array\nwas later populated with CSS values data would be written past the end\nof the buffer potentially resulting in the execution of\nattacker-controlled memory.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2752", "reference_id": "CVE-2010-2752", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2752" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-39", "reference_id": "mfsa2010-39", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-39" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/973?format=api", "purl": "pkg:mozilla/Firefox@3.5.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/972?format=api", "purl": "pkg:mozilla/Firefox@3.6.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.7" } ], "aliases": [ "CVE-2010-2752" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5bux-q44x-mfak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2176?format=api", "vulnerability_id": "VCID-9d6f-k4cg-57gt", "summary": "Google security researcher Chris Evans reported\nthat data can be read across domains by injecting bogus CSS selectors\ninto a target site and then retrieving the data using JavaScript APIs.\nIf an attacker can inject opening and closing portions of a 
CSS\nselector into points A and B of a target page, then the region between\nthe two injection points becomes readable to JavaScript through, for\nexample, the getComputedStyle() API.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0654", "reference_id": "CVE-2010-0654", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0654" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-46", "reference_id": "mfsa2010-46", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-46" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/973?format=api", "purl": "pkg:mozilla/Firefox@3.5.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/972?format=api", "purl": "pkg:mozilla/Firefox@3.6.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.7" } ], "aliases": [ "CVE-2010-0654" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9d6f-k4cg-57gt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2148?format=api", "vulnerability_id": "VCID-afs1-nyna-2khz", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that there was a remaining dangling\npointer issue leftover from the fix\nto CVE-2010-2753.\nUnder certain circumstances one of the pointers held by a XUL tree\nselection could be freed and then later reused, potentially resulting\nin the execution of attacker-controlled memory.", "references": [ { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2753", "reference_id": "CVE-2010-2753", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2753" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-40", "reference_id": "mfsa2010-40", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-40" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-54", "reference_id": "mfsa2010-54", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-54" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/973?format=api", "purl": "pkg:mozilla/Firefox@3.5.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/985?format=api", "purl": "pkg:mozilla/Firefox@3.5.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/972?format=api", "purl": "pkg:mozilla/Firefox@3.6.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/984?format=api", "purl": "pkg:mozilla/Firefox@3.6.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.9" } ], "aliases": [ "CVE-2010-2753" ], "risk_score": null, "exploitability": null, 
"weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-afs1-nyna-2khz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2132?format=api", "vulnerability_id": "VCID-b5d8-xmt5-n3fk", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative an error in the DOM attribute\ncloning routine where under certain circumstances an event attribute\nnode can be deleted while another object still contains a reference to\nit. This reference could subsequently be accessed, potentially\ncausing the execution of attacker controlled memory.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1208", "reference_id": "CVE-2010-1208", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1208" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-35", "reference_id": "mfsa2010-35", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-35" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/973?format=api", "purl": "pkg:mozilla/Firefox@3.5.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/972?format=api", "purl": "pkg:mozilla/Firefox@3.6.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.7" } ], "aliases": [ "CVE-2010-1208" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b5d8-xmt5-n3fk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2143?format=api", 
"vulnerability_id": "VCID-b757-b3zk-c7d8", "summary": "OUSPG researcher Aki Helin reported a buffer\noverflow in Mozilla graphics code which consumes image data processed\nby libpng. A malformed PNG file could be created which would cause\nlibpng to incorrectly report the size of the image to downstream\nconsumers. When the dimensions of such images are underreported, the\nMozilla code responsible for displaying the graphic will allocate too\nsmall a memory buffer to contain the image data and will wind up\nwriting data past the end of the buffer. This could result in the\nexecution of attacker-controlled memory.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205", "reference_id": "CVE-2010-1205", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-41", "reference_id": "mfsa2010-41", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-41" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/973?format=api", "purl": "pkg:mozilla/Firefox@3.5.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/972?format=api", "purl": "pkg:mozilla/Firefox@3.6.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.7" } ], "aliases": [ "CVE-2010-1205" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b757-b3zk-c7d8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2202?format=api", 
"vulnerability_id": "VCID-bxjx-hxgs-r7fh", "summary": "Security researcher O. Andersen reported that\nundefined positions within various 8 bit character encodings are\nmapped to the sequence U+FFFD which when displayed causes the\nimmediately following character to disappear from the text run. This\ncould potentially contribute to XSS problems on sites which expected\nextra characters to be present within strings being sanitized on the\nserver.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1210", "reference_id": "CVE-2010-1210", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1210" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-44", "reference_id": "mfsa2010-44", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-44" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/972?format=api", "purl": "pkg:mozilla/Firefox@3.6.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.7" } ], "aliases": [ "CVE-2010-1210" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bxjx-hxgs-r7fh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2227?format=api", "vulnerability_id": "VCID-gkry-fmfu-93ax", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative an error in Mozilla's\nimplementation of NodeIterator in which a\nmalicious NodeFilter could be created which would detach\nnodes from the DOM tree while it was being traversed. 
The use of a\ndetached and subsequently deleted node could result in the execution\nof attacker-controlled memory.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1209", "reference_id": "CVE-2010-1209", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1209" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-36", "reference_id": "mfsa2010-36", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-36" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/973?format=api", "purl": "pkg:mozilla/Firefox@3.5.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/972?format=api", "purl": "pkg:mozilla/Firefox@3.6.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.7" } ], "aliases": [ "CVE-2010-1209" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gkry-fmfu-93ax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2155?format=api", "vulnerability_id": "VCID-ns97-bju9-4kam", "summary": "Security researcher J23 reported via\nTippingPoint's Zero Day Initiative an error in the code used to store\nthe names and values of plugin parameter elements. A malicious page\ncould embed plugin content containing a very large number of parameter\nelements which would cause an overflow in the integer value counting\nthem. This integer is later used in allocating a memory buffer used\nto store the plugin parameters. 
Under such conditions, too small a\nbuffer would be created and attacker-controlled data could be written\npast the end of the buffer, potentially resulting in code\nexecution.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1214", "reference_id": "CVE-2010-1214", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1214" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-37", "reference_id": "mfsa2010-37", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-37" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/973?format=api", "purl": "pkg:mozilla/Firefox@3.5.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/972?format=api", "purl": "pkg:mozilla/Firefox@3.6.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.7" } ], "aliases": [ "CVE-2010-1214" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ns97-bju9-4kam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2164?format=api", "vulnerability_id": "VCID-t1sx-kgbz-kqds", "summary": "Mozilla developer Vladimir Vukicevic reported that\na canvas element can be used to read data from another site, violating\nthe same-origin policy. 
The read restriction placed on a canvas\nelement which has had cross-origin data rendered into it can be\nbypassed by retaining a reference to the canvas element's context and\ndeleting the associated canvas node from the DOM.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1207", "reference_id": "CVE-2010-1207", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1207" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-43", "reference_id": "mfsa2010-43", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-43" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/972?format=api", "purl": "pkg:mozilla/Firefox@3.6.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.7" } ], "aliases": [ "CVE-2010-1207" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t1sx-kgbz-kqds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2211?format=api", "vulnerability_id": "VCID-wmbg-72ur-a7hd", "summary": "Google security researcher Michal Zalewski\nreported two methods for spoofing the contents of the location bar.\nThe first method works by opening a new window containing a resource\nthat responds with an HTTP 204 (no content) and then using the\nreference to the new window to insert HTML content into the blank\ndocument. 
The second location bar spoofing method does not require that the\nresource opened in a new window respond with 204, as long as the\nopener calls window.stop() before the document is loaded.\nIn either case a user could be misled as to the correct location of\nthe document they are currently viewing. Security researcher Jordi Chancel reported that\nthe location bar could be spoofed to look like a secure page when the\ncurrent document was served via plaintext. The vulnerability is\ntriggered by a server by first redirecting a request for a plaintext\nresource to another resource behind a valid SSL/TLS certificate. A\nsecond request made to the original plaintext resource which is\nresponded to not with a redirect but with JavaScript\ncontaining history.back()\nand history.forward() will result in the plaintext\nresource being displayed with valid SSL/TLS badging in the location\nbar.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1206", "reference_id": "CVE-2010-1206", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1206" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-45", "reference_id": "mfsa2010-45", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-45" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/973?format=api", "purl": "pkg:mozilla/Firefox@3.5.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/972?format=api", "purl": "pkg:mozilla/Firefox@3.6.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.7" } ], "aliases": 
[ "CVE-2010-1206" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wmbg-72ur-a7hd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2230?format=api", "vulnerability_id": "VCID-xe4n-uxss-vfcu", "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1211", "reference_id": "CVE-2010-1211", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1211" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-34", "reference_id": "mfsa2010-34", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-34" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/973?format=api", "purl": "pkg:mozilla/Firefox@3.5.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/972?format=api", "purl": "pkg:mozilla/Firefox@3.6.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.7" } ], "aliases": [ "CVE-2010-1211" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xe4n-uxss-vfcu" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/2226?format=api", "vulnerability_id": "VCID-yn1v-ut2g-fufv", "summary": "Security researcher Yosuke Hasegawa reported that\nthe Web Worker method importScripts can read and parse\nresources from other domains even when the content is not valid\nJavaScript. This is a violation of the same-origin policy and could\nbe used by an attacker to steal information from other sites.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1213", "reference_id": "CVE-2010-1213", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1213" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-42", "reference_id": "mfsa2010-42", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-42" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/973?format=api", "purl": "pkg:mozilla/Firefox@3.5.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/972?format=api", "purl": "pkg:mozilla/Firefox@3.6.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.7" } ], "aliases": [ "CVE-2010-1213" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yn1v-ut2g-fufv" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.7" }