Look up vulnerable packages by Package URL.

GET /api/packages/985?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/985?format=api",
    "purl": "pkg:mozilla/Firefox@3.5.12",
    "type": "mozilla",
    "namespace": "",
    "name": "Firefox",
    "version": "3.5.12",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": false,
    "next_non_vulnerable_version": "3.5.14",
    "latest_non_vulnerable_version": "151.0.0",
    "affected_by_vulnerabilities": [],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2174?format=api",
            "vulnerability_id": "VCID-2gnx-bbf7-9yee",
            "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that code used to normalize a\ndocument contained a logical flaw that could be leveraged to run\narbitrary code.  When the normalization code ran, a static count of\nthe document's child nodes was used in the traversal, so a page could\nbe constructed that would remove DOM nodes during this normalization\nwhich could lead to the accessing of a deleted object and potentially\nthe execution of attacker-controlled memory.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2766",
                    "reference_id": "CVE-2010-2766",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2766"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-57",
                    "reference_id": "mfsa2010-57",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-57"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/985?format=api",
                    "purl": "pkg:mozilla/Firefox@3.5.12",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.12"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/984?format=api",
                    "purl": "pkg:mozilla/Firefox@3.6.9",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.9"
                }
            ],
            "aliases": [
                "CVE-2010-2766"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2gnx-bbf7-9yee"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2233?format=api",
            "vulnerability_id": "VCID-3gpm-gttu-gudn",
            "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat the wrapper class XPCSafeJSObjectWrapper (SJOW) on\nthe Mozilla 1.9.1 development branch has a logical error in its\nscripted function implementation that allows the caller to run the\nfunction within the context of another site.  This is a violation of\nthe same-origin policy and could be used to mount an XSS attack.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2763",
                    "reference_id": "CVE-2010-2763",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2763"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-60",
                    "reference_id": "mfsa2010-60",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-60"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/985?format=api",
                    "purl": "pkg:mozilla/Firefox@3.5.12",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.12"
                }
            ],
            "aliases": [
                "CVE-2010-2763"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3gpm-gttu-gudn"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2217?format=api",
            "vulnerability_id": "VCID-5sbu-sc2m-b3eg",
            "summary": "Security researcher Marc Schoenefeld reported that\na specially crafted font could be applied to a document and cause a\ncrash on Mac systems.  The crash showed signs of memory corruption and\npresumably could be used by an attacker to execute arbitrary code on a\nvictim's computer.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2770",
                    "reference_id": "CVE-2010-2770",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2770"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-58",
                    "reference_id": "mfsa2010-58",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-58"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/985?format=api",
                    "purl": "pkg:mozilla/Firefox@3.5.12",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.12"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/984?format=api",
                    "purl": "pkg:mozilla/Firefox@3.6.9",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.9"
                }
            ],
            "aliases": [
                "CVE-2010-2770"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5sbu-sc2m-b3eg"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2148?format=api",
            "vulnerability_id": "VCID-afs1-nyna-2khz",
            "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that there was a remaining dangling\npointer issue leftover from the fix\nto CVE-2010-2753.\nUnder certain circumstances one of the pointers held by a XUL tree\nselection could be freed and then later reused, potentially resulting\nin the execution of attacker-controlled memory.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2753",
                    "reference_id": "CVE-2010-2753",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2753"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-40",
                    "reference_id": "mfsa2010-40",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-40"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-54",
                    "reference_id": "mfsa2010-54",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-54"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/973?format=api",
                    "purl": "pkg:mozilla/Firefox@3.5.11",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.11"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/985?format=api",
                    "purl": "pkg:mozilla/Firefox@3.5.12",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.12"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/972?format=api",
                    "purl": "pkg:mozilla/Firefox@3.6.7",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.7"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/984?format=api",
                    "purl": "pkg:mozilla/Firefox@3.6.9",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.9"
                }
            ],
            "aliases": [
                "CVE-2010-2753"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-afs1-nyna-2khz"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2136?format=api",
            "vulnerability_id": "VCID-d95t-gxrb-ruac",
            "summary": "Security researcher Paul Stone reported that when\nan HTML selection containing JavaScript is copy-and-pasted or dropped\nonto a document with designMode enabled the JavaScript will be\nexecuted within the context of the site where the code was dropped.  A\nmalicious site could leverage this issue in an XSS attack by\npersuading a user into taking such an action and in the process\nrunning malicious JavaScript within the context of another site.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2769",
                    "reference_id": "CVE-2010-2769",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2769"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-62",
                    "reference_id": "mfsa2010-62",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "none",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-62"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/985?format=api",
                    "purl": "pkg:mozilla/Firefox@3.5.12",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.12"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/984?format=api",
                    "purl": "pkg:mozilla/Firefox@3.6.9",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.9"
                }
            ],
            "aliases": [
                "CVE-2010-2769"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d95t-gxrb-ruac"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2137?format=api",
            "vulnerability_id": "VCID-f1na-6x4z-e3aa",
            "summary": "Security researchers David Huang\nand Collin Jackson of Carnegie Mellon University\nCyLab (Silicon Valley campus) reported that the type\nattribute of an <object> tag can override the charset of a\nframed HTML document, even when the document is included across\norigins.  A page could be constructed containing such an\n<object> tag which sets the charset of the framed document to\nUTF-7.  This could potentially allow an attacker to inject UTF-7\nencoded JavaScript into a site, bypassing the site's XSS filters, and\nthen executing the code using the above technique.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2768",
                    "reference_id": "CVE-2010-2768",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2768"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-61",
                    "reference_id": "mfsa2010-61",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-61"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/985?format=api",
                    "purl": "pkg:mozilla/Firefox@3.5.12",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.12"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/984?format=api",
                    "purl": "pkg:mozilla/Firefox@3.6.9",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.9"
                }
            ],
            "aliases": [
                "CVE-2010-2768"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f1na-6x4z-e3aa"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2204?format=api",
            "vulnerability_id": "VCID-fhxf-xr7y-23cn",
            "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that the implementation of XUL\n<tree>'s content view contains a dangling pointer vulnerability.\nOne of the content view's methods for accessing the internal structure\nof the tree could be manipulated into removing a node prior to\naccessing it, resulting in the accessing of deleted memory.  If an\nattacker can control the contents of the deleted memory prior to its\naccess they could use this vulnerability to run arbitrary code on a\nvictim's machine.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3167",
                    "reference_id": "CVE-2010-3167",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3167"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-56",
                    "reference_id": "mfsa2010-56",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-56"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/985?format=api",
                    "purl": "pkg:mozilla/Firefox@3.5.12",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.12"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/984?format=api",
                    "purl": "pkg:mozilla/Firefox@3.6.9",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.9"
                }
            ],
            "aliases": [
                "CVE-2010-3167"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fhxf-xr7y-23cn"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2187?format=api",
            "vulnerability_id": "VCID-g3ws-tzqe-mkgg",
            "summary": "Security researcher Amit Klein reported that it\nwas possible to reverse engineer the value used to\nseed Math.random().  Since the pseudo-random number\ngenerator was only seeded once per browsing session, this seed value\ncould be used as a unique token to identify and track users across\ndifferent web sites.  Update (October 27, 2010): After the Firefox 3.6.4\nand Firefox 3.5.10 releases, Amit Klein reported that there was an\nadditional unfixed case where user tracking could occur using the\nabove-mentioned technique and a pop-up window or iframe that was\nsubsequently navigated by the user.  This additional variant is\nidentified as CVE-2010-3171.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3171",
                    "reference_id": "CVE-2010-3171",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3171"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-33",
                    "reference_id": "mfsa2010-33",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "low",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-33"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/982?format=api",
                    "purl": "pkg:mozilla/Firefox@3.5.10",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.10"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/985?format=api",
                    "purl": "pkg:mozilla/Firefox@3.5.12",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.12"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/981?format=api",
                    "purl": "pkg:mozilla/Firefox@3.6.4",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.4"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/984?format=api",
                    "purl": "pkg:mozilla/Firefox@3.6.9",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.9"
                }
            ],
            "aliases": [
                "CVE-2010-3171"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g3ws-tzqe-mkgg"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2221?format=api",
            "vulnerability_id": "VCID-g7aa-s8j6-b3ef",
            "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that XUL <tree> objects could\nbe manipulated such that the setting of certain properties on the\nobject would trigger the removal of the tree from the DOM and cause\ncertain sections of deleted memory to be accessed.  In products based on\nGecko version 1.9.2 (Firefox 3.6, Thunderbird 3.1) and newer\nthis memory has been overwritten by a value that will cause an\nunexploitable crash. In products based on Gecko version 1.9.1 (Firefox 3.5,\nThunderbird 3.0, and SeaMonkey 2.0) and older an attacker could\npotentially use this vulnerability to crash a victim's browser and run\narbitrary code on their computer.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3168",
                    "reference_id": "CVE-2010-3168",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3168"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-55",
                    "reference_id": "mfsa2010-55",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-55"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/985?format=api",
                    "purl": "pkg:mozilla/Firefox@3.5.12",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.12"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/984?format=api",
                    "purl": "pkg:mozilla/Firefox@3.6.9",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.9"
                }
            ],
            "aliases": [
                "CVE-2010-3168"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g7aa-s8j6-b3ef"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2195?format=api",
            "vulnerability_id": "VCID-gtnu-ebdw-7uct",
            "summary": "Matt Haggard reported that\nthe statusText property of an XMLHttpRequest\nobject is readable by the requester even when the request is made\nacross origins.  This status information reveals the presence of a web\nserver and could be used to gather information about servers on\ninternal private networks.  This issue was also independently reported to Mozilla\nby Nicholas Berthaume.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2764",
                    "reference_id": "CVE-2010-2764",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2764"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-63",
                    "reference_id": "mfsa2010-63",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "low",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-63"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/985?format=api",
                    "purl": "pkg:mozilla/Firefox@3.5.12",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.12"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/984?format=api",
                    "purl": "pkg:mozilla/Firefox@3.6.9",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.9"
                }
            ],
            "aliases": [
                "CVE-2010-2764"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gtnu-ebdw-7uct"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2222?format=api",
            "vulnerability_id": "VCID-kh38-ksfk-b3cp",
            "summary": "Mozilla developers identified and fixed several memory safety bugs\nin the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3169",
                    "reference_id": "CVE-2010-3169",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3169"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-49",
                    "reference_id": "mfsa2010-49",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-49"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/985?format=api",
                    "purl": "pkg:mozilla/Firefox@3.5.12",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.12"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/984?format=api",
                    "purl": "pkg:mozilla/Firefox@3.6.9",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.9"
                }
            ],
            "aliases": [
                "CVE-2010-3169"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kh38-ksfk-b3cp"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2194?format=api",
            "vulnerability_id": "VCID-pykb-a18b-dbf8",
            "summary": "Security researcher Chris Rohlf of Matasano\nSecurity reported that the implementation of the HTML frameset element\ncontained an integer overflow vulnerability.  The code responsible for\nparsing the frameset columns used an 8-byte counter for the column\nnumbers, so when a very large number of columns was passed in the\ncounter would overflow.  When this counter was subsequently used to\nallocate memory for the frameset, the memory buffer would be too\nsmall, potentially resulting in a heap buffer overflow and execution\nof attacker-controlled memory.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2765",
                    "reference_id": "CVE-2010-2765",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2765"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-50",
                    "reference_id": "mfsa2010-50",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-50"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/985?format=api",
                    "purl": "pkg:mozilla/Firefox@3.5.12",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.12"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/984?format=api",
                    "purl": "pkg:mozilla/Firefox@3.6.9",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.9"
                }
            ],
            "aliases": [
                "CVE-2010-2765"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pykb-a18b-dbf8"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2146?format=api",
            "vulnerability_id": "VCID-v91k-76fs-pbdd",
            "summary": "Security researcher wushi of team509 reported a\nheap buffer overflow in code routines responsible for transforming\ntext runs.  A page could be constructed with a bidirectional text run\nwhich upon reflow could result in an incorrect length being calculated\nfor the run of text.  When this value is subsequently used to allocate\nmemory for the text, too small a buffer may be created, potentially\nresulting in a buffer overflow and the execution of attacker\ncontrolled memory.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3166",
                    "reference_id": "CVE-2010-3166",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3166"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-53",
                    "reference_id": "mfsa2010-53",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-53"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/985?format=api",
                    "purl": "pkg:mozilla/Firefox@3.5.12",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.12"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/984?format=api",
                    "purl": "pkg:mozilla/Firefox@3.6.9",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.9"
                }
            ],
            "aliases": [
                "CVE-2010-3166"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v91k-76fs-pbdd"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2173?format=api",
            "vulnerability_id": "VCID-x2uy-apkf-pqed",
            "summary": "Security researcher Sergey Glazunov reported a\ndangling pointer vulnerability in the implementation\nof navigator.plugins in which the navigator\nobject could retain a pointer to the plugins array even after it had\nbeen destroyed.  An attacker could potentially use this issue to crash\nthe browser and run arbitrary code on a victim's computer.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2767",
                    "reference_id": "CVE-2010-2767",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2767"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-51",
                    "reference_id": "mfsa2010-51",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-51"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/985?format=api",
                    "purl": "pkg:mozilla/Firefox@3.5.12",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.12"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/984?format=api",
                    "purl": "pkg:mozilla/Firefox@3.6.9",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.9"
                }
            ],
            "aliases": [
                "CVE-2010-2767"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x2uy-apkf-pqed"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2151?format=api",
            "vulnerability_id": "VCID-ydbn-ay8s-fkd9",
            "summary": "Security researcher Haifei Li of FortiGuard Labs\nreported that Firefox could be used to load a malicious code library\nthat had been planted on a victim's computer.  Firefox attempts to\nload dwmapi.dll upon startup as part of its platform detection, so on\nsystems that don't have this library, such as Windows XP, Firefox will\nsubsequently attempt to load the library from the current working\ndirectory. An attacker could use this vulnerability to trick a user\ninto downloading a HTML file and a malicious copy of dwmapi.dll into\nthe same directory on their computer and opening the HTML file with\nFirefox, thus causing the malicious code to be executed.  If the\nattacker was on the same network as the victim, the malicious DLL\ncould also be loaded via a UNC path. This DLL is only loaded at\nstartup so a successful attack requires that Firefox not currently\nbe running when it is asked to open the HTML\nfile and accompanying DLL. This issue was also independently reported to Mozilla\nby Acros Security.  After the issue became public a\nnumber of other community members contacted Mozilla to report the\nissue. Firefox users on Windows Vista or Windows 7\nwere not vulnerable to this attack because dwmapi.dll is part\nof the OS in Vista and later versions and the legitimate copy\nis successfully loaded by\nFirefox before attempting to load the planted DLL.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3131",
                    "reference_id": "CVE-2010-3131",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3131"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-52",
                    "reference_id": "mfsa2010-52",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-52"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/985?format=api",
                    "purl": "pkg:mozilla/Firefox@3.5.12",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.12"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/984?format=api",
                    "purl": "pkg:mozilla/Firefox@3.6.9",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.9"
                }
            ],
            "aliases": [
                "CVE-2010-3131"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ydbn-ay8s-fkd9"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.12"
}