Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/975?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/975?format=api", "purl": "pkg:mozilla/Firefox@3.6.2", "type": "mozilla", "namespace": "", "name": "Firefox", "version": "3.6.2", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3.6.3", "latest_non_vulnerable_version": "151.0.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2180?format=api", "vulnerability_id": "VCID-3gpe-mdjk-fug4", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0165", "reference_id": "CVE-2010-0165", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0165" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-11", "reference_id": "mfsa2010-11", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/990?format=api", "purl": "pkg:mozilla/Firefox@3.0.18", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/989?format=api", "purl": "pkg:mozilla/Firefox@3.5.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.8" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/975?format=api", "purl": "pkg:mozilla/Firefox@3.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.2" } ], "aliases": [ "CVE-2010-0165" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3gpe-mdjk-fug4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2177?format=api", "vulnerability_id": "VCID-84nu-2fbp-qqc3", "summary": "Security researcher Evgeny Legerov of Intevydis\nreported that the WOFF decoder contains an integer overflow in a\nfont decompression routine. This flaw could result in too small a\nmemory buffer being allocated to store a downloadable font. An\nattacker could use this vulnerability to crash a victim's browser\nand execute arbitrary code on his/her system.Support for the WOFF downloadable font format\nis new in Firefox 3.6 (Gecko 1.9.2); this vulnerability does not affect\nproducts built on earlier versions of the Mozilla browser engine.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1028", "reference_id": "CVE-2010-1028", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1028" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-08", "reference_id": "mfsa2010-08", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-08" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/975?format=api", "purl": "pkg:mozilla/Firefox@3.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.2" } ], "aliases": [ "CVE-2010-1028" ], 
"risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-84nu-2fbp-qqc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2203?format=api", "vulnerability_id": "VCID-8611-tzyq-e7b3", "summary": "Mozilla community member Wladimir Palant reported\nthat XML documents were failing to call certain security checks when\nloading new content. This could result in certain resources being\nloaded that would otherwise violate security policies set by the\nbrowser or installed add-ons.This issue has not been fixed in Firefox 3.0", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0182", "reference_id": "CVE-2010-0182", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0182" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-24", "reference_id": "mfsa2010-24", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/976?format=api", "purl": "pkg:mozilla/Firefox@3.5.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/975?format=api", "purl": "pkg:mozilla/Firefox@3.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.2" } ], "aliases": [ "CVE-2010-0182" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8611-tzyq-e7b3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2189?format=api", 
"vulnerability_id": "VCID-8nnr-7fr7-gbc6", "summary": "phpBB developer Henry Sudhof reported that when an\nimage tag points to a resource that redirects to\na mailto: URL, the external mail handler application is\nlaunched. This issue poses no security threat to users but could\ncreate an annoyance when browsing a site that allows users to post\narbitrary images.This issue has not been fixed in Firefox 3.0", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0181", "reference_id": "CVE-2010-0181", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0181" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-23", "reference_id": "mfsa2010-23", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-23" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/976?format=api", "purl": "pkg:mozilla/Firefox@3.5.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/975?format=api", "purl": "pkg:mozilla/Firefox@3.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.2" } ], "aliases": [ "CVE-2010-0181" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8nnr-7fr7-gbc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2147?format=api", "vulnerability_id": "VCID-ag56-4pye-f7e5", "summary": "Mozilla developer Josh Soref of Nokia reported that\ndocuments failed to call certain security checks when attempting to\npreload images. 
Although the image content is not available to the page, it\nis possible to specify protocols that are normally not allowed in a web page\nsuch as file:. This includes internal schemes implemented by\nadd-ons that might perform privileged actions resulting in something like a\nCross-Site Request Forgery (CSRF) attack against the add-on. Potential severity\nwould depend on the add-ons installed.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0168", "reference_id": "CVE-2010-0168", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0168" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-13", "reference_id": "mfsa2010-13", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-13" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/975?format=api", "purl": "pkg:mozilla/Firefox@3.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.2" } ], "aliases": [ "CVE-2010-0168" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ag56-4pye-f7e5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2223?format=api", "vulnerability_id": "VCID-atus-ryef-17h1", "summary": "Mozilla developers added support in the Network Security Services\nmodule for preventing a type of man-in-the-middle attack against TLS\nusing forced renegotiation. Note that to benefit from the fix, Firefox 3.6 and\nFirefox 3.5 users will need to set\ntheir security.ssl.require_safe_negotiation preference to\ntrue. 
Firefox 3 does not contain the fix for this issue.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555", "reference_id": "CVE-2009-3555", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-22", "reference_id": "mfsa2010-22", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-22" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/976?format=api", "purl": "pkg:mozilla/Firefox@3.5.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/975?format=api", "purl": "pkg:mozilla/Firefox@3.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.2" } ], "aliases": [ "CVE-2009-3555" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-atus-ryef-17h1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2213?format=api", "vulnerability_id": "VCID-cbf6-phh6-3kd3", "summary": "Mozilla security researcher moz_bug_r_a4 reports that\nby using an appropriately wrapped object it was 
possible to bypass the fix\nfor \nMFSA 2007-19. Prior to Firefox 3.6 this gives an attacker the ability\nto perform cross-site scripting attacks against arbitrary sites as in the\noriginal MFSA 2007-19 attack. Due to unrelated changes in the browser engine\nused by Firefox 3.6, attacks in that version are limited to capturing keystroke\nevents from a cross-origin frame or window rather than full DOM access.\nThose events might be sufficient to illicitly obtain passwords\nor other sensitive information entered into web forms.\nThunderbird does not allow JavaScript to run in mail\nmessages, but users who open web content (such as RSS feeds, or other\ncontent through add-ons) could be at risk.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0171", "reference_id": "CVE-2010-0171", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0171" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-12", "reference_id": "mfsa2010-12", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-12" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/990?format=api", "purl": "pkg:mozilla/Firefox@3.0.18", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/989?format=api", "purl": "pkg:mozilla/Firefox@3.5.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/975?format=api", "purl": "pkg:mozilla/Firefox@3.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.2" } ], "aliases": [ "CVE-2010-0171" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cbf6-phh6-3kd3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2232?format=api", "vulnerability_id": "VCID-ccxj-6r97-9uac", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative an error in the implementation of\nthe window.navigator.plugins object. When a page\nreloads, the plugins array would reallocate all of its members without\nchecking for existing references to each member. This could result in\nthe deletion of objects for which valid pointers still exist. An\nattacker could use this vulnerability to crash a victim's browser and\nrun arbitrary code on the victim's machine.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0177", "reference_id": "CVE-2010-0177", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0177" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-19", "reference_id": "mfsa2010-19", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-19" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/977?format=api", "purl": "pkg:mozilla/Firefox@3.0.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/976?format=api", "purl": "pkg:mozilla/Firefox@3.5.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.9" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/975?format=api", "purl": "pkg:mozilla/Firefox@3.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.2" } ], "aliases": [ "CVE-2010-0177" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ccxj-6r97-9uac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2178?format=api", "vulnerability_id": "VCID-m7be-rjrq-r7gv", "summary": "Mozilla developer Blake Kaplan reported that the \nwindow.location object was made a normal overridable JavaScript object\nin the Firefox 3.6 browser engine (Gecko 1.9.2) because new mechanisms\nwere developed to enforce the same-origin policy between windows and frames.\nThis object is unfortunately also used by some plugins to determine the page\norigin used for access restrictions. A malicious page could override this\nobject to fool a plugin into granting access to data on another site or the\nlocal file system. 
The behavior of older Firefox versions has been restored.\nThis flaw does not affect earlier versions of Firefox, or other\nprograms such as Thunderbird or SeaMonkey built on older versions\nof the browser engine.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0170", "reference_id": "CVE-2010-0170", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0170" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-10", "reference_id": "mfsa2010-10", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-10" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/975?format=api", "purl": "pkg:mozilla/Firefox@3.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.2" } ], "aliases": [ "CVE-2010-0170" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m7be-rjrq-r7gv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2138?format=api", "vulnerability_id": "VCID-nchh-872w-vkh3", "summary": "Mozilla developer Justin Dolske reported that the new\nasynchronous Authorization Prompt (HTTP username and password) was not\nalways attached to the correct window. Although we have not\ndemonstrated this, it may be possible for a malicious page to convince\na user to open a new tab or popup to a trusted service and then have\nthe HTTP authorization prompt from the malicious page appear to be\nthe login prompt for the trusted page. 
This potential attack is greatly\nmitigated by the fact that very few web sites use HTTP authorization,\npreferring instead to use web forms and cookies. This issue does not affect older versions of Firefox or\nproducts based on the Mozilla browser engine, such as Thunderbird and\nSeaMonkey, using an older version of the engine.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0172", "reference_id": "CVE-2010-0172", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0172" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-15", "reference_id": "mfsa2010-15", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-15" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/975?format=api", "purl": "pkg:mozilla/Firefox@3.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.2" } ], "aliases": [ "CVE-2010-0172" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nchh-872w-vkh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2139?format=api", "vulnerability_id": "VCID-pjqn-kghb-k7fs", "summary": "Mozilla developer Wladimir Palant reported that\nstylesheets used in remote XUL documents can wind up in the XUL cache\nwhere it can later be accessed by browser chrome for use in styling\nthe user interface. 
A malicious website could use this issue to\npollute a user's XUL cache and change style attributes of their\nbrowser such as font size and color.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0169", "reference_id": "CVE-2010-0169", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0169" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-14", "reference_id": "mfsa2010-14", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-14" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/990?format=api", "purl": "pkg:mozilla/Firefox@3.0.18", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/989?format=api", "purl": "pkg:mozilla/Firefox@3.5.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/975?format=api", "purl": "pkg:mozilla/Firefox@3.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.2" } ], "aliases": [ "CVE-2010-0169" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pjqn-kghb-k7fs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2206?format=api", "vulnerability_id": "VCID-qq5u-em1p-9kat", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. 
Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0173", "reference_id": "CVE-2010-0173", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0173" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-16", "reference_id": "mfsa2010-16", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-16" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/977?format=api", "purl": "pkg:mozilla/Firefox@3.0.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/976?format=api", "purl": "pkg:mozilla/Firefox@3.5.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/975?format=api", "purl": "pkg:mozilla/Firefox@3.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.2" } ], "aliases": [ "CVE-2010-0173" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qq5u-em1p-9kat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2133?format=api", "vulnerability_id": "VCID-tr7s-z4p8-jbdn", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative an error in the\nway <option> elements are 
inserted into a XUL\ntree <optgroup>. In certain cases, the number of\nreferences to an <option> element is under-counted so\nthat when the element is deleted, a live pointer to its old location\nis kept around and may later be used. An attacker could potentially\nuse these conditions to run arbitrary code on a victim's computer.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0176", "reference_id": "CVE-2010-0176", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0176" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-18", "reference_id": "mfsa2010-18", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-18" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/977?format=api", "purl": "pkg:mozilla/Firefox@3.0.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/976?format=api", "purl": "pkg:mozilla/Firefox@3.5.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/975?format=api", "purl": "pkg:mozilla/Firefox@3.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.2" } ], "aliases": [ "CVE-2010-0176" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tr7s-z4p8-jbdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2208?format=api", "vulnerability_id": 
"VCID-w9jx-nwdg-8yaw", "summary": "Security researcher Paul Stone reported that a\nbrowser applet could be used to turn a simple mouse click into a\ndrag-and-drop action, potentially resulting in the unintended loading\nof resources in a user's browser. This behavior could be used twice\nin succession to first load a privileged chrome: URL in a\nvictim's browser, then load a malicious javascript: URL\non top of the same document resulting in arbitrary script execution\nwith chrome privileges.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0178", "reference_id": "CVE-2010-0178", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0178" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-20", "reference_id": "mfsa2010-20", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-20" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/977?format=api", "purl": "pkg:mozilla/Firefox@3.0.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/976?format=api", "purl": "pkg:mozilla/Firefox@3.5.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/975?format=api", "purl": "pkg:mozilla/Firefox@3.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.2" } ], "aliases": [ "CVE-2010-0178" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-w9jx-nwdg-8yaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2196?format=api", "vulnerability_id": "VCID-zzu7-b5pp-67g3", "summary": "Security researcher regenrecht reported (via TippingPoint's\nZero Day Initiative) a potential reuse of a deleted image frame in Firefox\n3.6's handling of multipart/x-mixed-replace images. Although\nno exploit was shown, re-use of freed memory has led to exploitable\nvulnerabilities in the past.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0164", "reference_id": "CVE-2010-0164", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0164" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-09", "reference_id": "mfsa2010-09", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/975?format=api", "purl": "pkg:mozilla/Firefox@3.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.2" } ], "aliases": [ "CVE-2010-0164" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zzu7-b5pp-67g3" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.2" }