Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/989?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/989?format=api", "purl": "pkg:mozilla/Firefox@3.5.8", "type": "mozilla", "namespace": "", "name": "Firefox", "version": "3.5.8", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3.5.9", "latest_non_vulnerable_version": "151.0.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2180?format=api", "vulnerability_id": "VCID-3gpe-mdjk-fug4", "summary": "Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0165", "reference_id": "CVE-2010-0165", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0165" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-11", "reference_id": "mfsa2010-11", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/990?format=api", "purl": "pkg:mozilla/Firefox@3.0.18", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/989?format=api", "purl": "pkg:mozilla/Firefox@3.5.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.8" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/975?format=api", "purl": "pkg:mozilla/Firefox@3.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.2" } ], "aliases": [ "CVE-2010-0165" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3gpe-mdjk-fug4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2214?format=api", "vulnerability_id": "VCID-76de-mqmg-vqgw", "summary": "Mozilla developers identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0159", "reference_id": "CVE-2010-0159", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0159" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-01", "reference_id": "mfsa2010-01", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/990?format=api", "purl": "pkg:mozilla/Firefox@3.0.18", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/989?format=api", "purl": "pkg:mozilla/Firefox@3.5.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1007?format=api", "purl": "pkg:mozilla/Firefox@3.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.0" } ], "aliases": [ "CVE-2010-0159" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-76de-mqmg-vqgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2179?format=api", "vulnerability_id": "VCID-aj2z-mctb-jke9", "summary": "Security researcher Hidetake Jo of Microsoft\nVulnerability Research reported that the properties set on an object\npassed to showModalDialog were readable by the document\ncontained in the dialog, even when the document was from a different\ndomain. This is a violation of the same-origin policy and could\nresult in a website running untrusted JavaScript if it assumed\nthe dialogArguments could not be initialized by another\nsite.An anonymous security researcher, via TippingPoint's Zero Day\nInitiative, also independently reported this issue to Mozilla.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3988", "reference_id": "CVE-2009-3988", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3988" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-04", "reference_id": "mfsa2010-04", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/990?format=api", "purl": "pkg:mozilla/Firefox@3.0.18", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/989?format=api", "purl": "pkg:mozilla/Firefox@3.5.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1007?format=api", "purl": "pkg:mozilla/Firefox@3.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.0" } ], "aliases": [ "CVE-2009-3988" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aj2z-mctb-jke9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2213?format=api", "vulnerability_id": "VCID-cbf6-phh6-3kd3", "summary": "Mozilla security researcher moz_bug_r_a4 reports that\nby using an appropriately wrapped object it was possible to bypass the fix\nfor \nMFSA 2007-19. Prior to Firefox 3.6 this gives an attacker the ability\nto perform cross-site scripting attacks against arbitrary sites as in the\noriginal MFSA 2007-19 attack. 
Due to unrelated changes in the browser engine\nused by Firefox 3.6, attacks in that version are limited to capturing keystroke\nevents from a cross-origin frame or window rather than full DOM access.\nThose events might be sufficient to illicitly obtain passwords\nor other sensitive information entered into web forms.\nThunderbird does not allow JavaScript to run in mail\nmessages, but users who open web content (such as RSS feeds, or other\ncontent through add-ons) could be at risk.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0171", "reference_id": "CVE-2010-0171", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0171" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-12", "reference_id": "mfsa2010-12", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-12" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/990?format=api", "purl": "pkg:mozilla/Firefox@3.0.18", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/989?format=api", "purl": "pkg:mozilla/Firefox@3.5.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/975?format=api", "purl": "pkg:mozilla/Firefox@3.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.2" } ], "aliases": [ "CVE-2010-0171" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-cbf6-phh6-3kd3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2165?format=api", "vulnerability_id": "VCID-fy48-6aec-s7g2", "summary": "Security researcher Alin Rad Pop of Secunia\nResearch reported that the HTML parser incorrectly freed used memory\nwhen insufficient space was available to process remaining input.\nUnder such circumstances, memory occupied by in-use objects was freed\nand could later be filled with attacker-controlled text. These\nconditions could result in the execution of arbitrary code if methods\non the freed objects were subsequently called.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1571", "reference_id": "CVE-2009-1571", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1571" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-03", "reference_id": "mfsa2010-03", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/990?format=api", "purl": "pkg:mozilla/Firefox@3.0.18", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/989?format=api", "purl": "pkg:mozilla/Firefox@3.5.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1007?format=api", "purl": "pkg:mozilla/Firefox@3.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.0" } ], 
"aliases": [ "CVE-2009-1571" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fy48-6aec-s7g2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2139?format=api", "vulnerability_id": "VCID-pjqn-kghb-k7fs", "summary": "Mozilla developer Wladimir Palant reported that\nstylesheets used in remote XUL documents can wind up in the XUL cache\nwhere it can later be accessed by browser chrome for use in styling\nthe user interface. A malicious website could use this issue to\npollute a user's XUL cache and change style attributes of their\nbrowser such as font size and color.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0169", "reference_id": "CVE-2010-0169", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0169" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-14", "reference_id": "mfsa2010-14", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-14" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/990?format=api", "purl": "pkg:mozilla/Firefox@3.0.18", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/989?format=api", "purl": "pkg:mozilla/Firefox@3.5.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/975?format=api", "purl": "pkg:mozilla/Firefox@3.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.2" } ], "aliases": [ "CVE-2010-0169" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pjqn-kghb-k7fs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2163?format=api", "vulnerability_id": "VCID-scs8-y8pt-mkh2", "summary": "Security researcher Orlando Barrera II of SecTheory reported,\nvia TippingPoint's Zero Day Initiative, that Mozilla's implementation\nof Web Workers contained an error in its handling of array data types\nwhen processing posted messages. This error could be used by an\nattacker to corrupt heap memory and crash the browser, potentially\nrunning arbitrary code on a victim's computer.Web Workers were introduced in Firefox 3.5; Firefox 3.0\nand earlier versions were not affected.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0160", "reference_id": "CVE-2010-0160", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0160" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-02", "reference_id": "mfsa2010-02", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/989?format=api", "purl": "pkg:mozilla/Firefox@3.5.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1007?format=api", "purl": "pkg:mozilla/Firefox@3.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.0" } ], "aliases": [ 
"CVE-2010-0160" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-scs8-y8pt-mkh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2218?format=api", "vulnerability_id": "VCID-u9ed-ugwr-s3e7", "summary": "Mozilla security researcher Georgi Guninski\nreported that when a SVG document which is served\nwith Content-Type: application/octet-stream is embedded\ninto another document via an <embed> tag\nwith type=\"image/svg+xml\", the Content-Type is ignored\nand the SVG document is processed normally. A website which allows\narbitrary binary data to be uploaded but which relies\non Content-Type: application/octet-stream to prevent\nscript execution could have such protection bypassed. An attacker\ncould upload a SVG document containing JavaScript as a binary file to\na website, embed the SVG document into a malicious page on another\nsite, and gain access to the script environment from the SVG-serving\nsite, bypassing the same-origin policy.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0162", "reference_id": "CVE-2010-0162", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0162" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-05", "reference_id": "mfsa2010-05", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-05" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/990?format=api", "purl": "pkg:mozilla/Firefox@3.0.18", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/989?format=api", "purl": 
"pkg:mozilla/Firefox@3.5.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1007?format=api", "purl": "pkg:mozilla/Firefox@3.6.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.0" } ], "aliases": [ "CVE-2010-0162" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u9ed-ugwr-s3e7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2154?format=api", "vulnerability_id": "VCID-w2pm-349a-ayc4", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat the XMLHttpRequestSpy module in the Firebug add-on was exposing\nan underlying chrome privilege escalation vulnerability. When the\nXMLHttpRequestSpy object was created, it would attach various\nproperties of itself to objects defined in web content, which were not\nbeing properly wrapped to prevent their exposure to chrome privileged\nobjects. 
This could result in an attacker running arbitrary\nJavaScript on a victim's machine, though it required the victim to\nhave Firebug installed, so the overall severity of the issue was\ndetermined to be High. This vulnerability does not affect Firefox 3.6", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0179", "reference_id": "CVE-2010-0179", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0179" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-21", "reference_id": "mfsa2010-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-21" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-82", "reference_id": "mfsa2010-82", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-82" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/977?format=api", "purl": "pkg:mozilla/Firefox@3.0.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/989?format=api", "purl": "pkg:mozilla/Firefox@3.5.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/994?format=api", "purl": "pkg:mozilla/Firefox@3.5.16", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/993?format=api", "purl": 
"pkg:mozilla/Firefox@3.6.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.13" } ], "aliases": [ "CVE-2010-0179" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w2pm-349a-ayc4" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.8" }