Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/1122?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1122?format=api", "purl": "pkg:mozilla/Firefox@3.0.11", "type": "mozilla", "namespace": "", "name": "Firefox", "version": "3.0.11", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3.0.12", "latest_non_vulnerable_version": "151.0.0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2604?format=api", "vulnerability_id": "VCID-46dq-fn5m-nfdf", "summary": "Mozilla add-on developer and community member Wladimir\nPalant reported that content-loading policies were not\nchecked before loading external script files into XUL documents.\nThe severity of this problem would depend on the reasons behind the\ncontent policy check, which include privacy from \"web bugs\" in\nThunderbird mail messages, blocking of Ads and Ad-server tracking\nin AdBlock Plus. The original version of this advisory incorrectly claimed\nthat NoScript protection could be bypassed; NoScript was unaffected.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1840", "reference_id": "CVE-2009-1840", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1840" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-31", "reference_id": "mfsa2009-31", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-31" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1122?format=api", "purl": "pkg:mozilla/Firefox@3.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.11" } ], "aliases": [ "CVE-2009-1840" ], "risk_score": null, "exploitability": null, "weighted_severity": null, 
"resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-46dq-fn5m-nfdf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2603?format=api", "vulnerability_id": "VCID-bchr-4frg-pkcd", "summary": "Mozilla security researcher moz_bug_r_a4 reported\na vulnerability which allows scripts from page content to run with\nelevated privileges. Using this vulnerability, an attacker could\ncause a chrome privileged object, such as the browser sidebar or the\nFeedWriter, to interact with web content in such a way that attacker\ncontrolled code may be executed with the object's chrome\nprivileges.Thunderbird supports neither the sidebar nor\nBrowserFeedWriter objects and is not vulnerable in its default\nconfiguration. Thunderbird might be vulnerable if the user has installed\nany add-on which adds a similarly implemented feature and then enables\nJavaScript in mail messages. This is not the default setting and we\nstrongly discourage users from running JavaScript in mail.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1841", "reference_id": "CVE-2009-1841", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1841" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-32", "reference_id": "mfsa2009-32", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-32" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1122?format=api", "purl": "pkg:mozilla/Firefox@3.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.11" } ], "aliases": [ "CVE-2009-1841" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-bchr-4frg-pkcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2683?format=api", "vulnerability_id": "VCID-d1d9-6j5m-jqbj", "summary": "Jakob Balle and Carsten Eiram of\nSecunia Research reported a race condition\nin NPObjWrapper_NewResolve when accessing the properties\nof a NPObject, a wrapped JSObject. Balle\nand Eiram demonstrated that this condition could be reached by\nnavigating away from a web page during the loading of a Java applet.\nUnder such conditions the Java object would be destroyed but later\ncalled into resulting in a free memory read. It might be possible\nfor an attacker to write to the freed memory before it is reused and run\narbitrary code on the victim's computer.This vulnerability does not affect Firefox 2 nor other\nproducts built using the \"Gecko 1.8\" version of Mozilla code.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1837", "reference_id": "CVE-2009-1837", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1837" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-28", "reference_id": "mfsa2009-28", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1122?format=api", "purl": "pkg:mozilla/Firefox@3.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.11" } ], "aliases": [ "CVE-2009-1837" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d1d9-6j5m-jqbj" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/2640?format=api", "vulnerability_id": "VCID-eprr-1559-u3dn", "summary": "Mozilla add-on developer Pavel Cvrcek reported\nthat certain invalid unicode characters, when used as part of an IDN,\nare displayed as whitespace in the location bar. This whitespace\ncould be used to force part of the URL out of view in the location\nbar. An attacker could use this vulnerability to spoof the location\nbar and display a misleading URL for their malicious web page.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1834", "reference_id": "CVE-2009-1834", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1834" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-25", "reference_id": "mfsa2009-25", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-25" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1122?format=api", "purl": "pkg:mozilla/Firefox@3.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.11" } ], "aliases": [ "CVE-2009-1834" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eprr-1559-u3dn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2605?format=api", "vulnerability_id": "VCID-gkgb-xbu6-93fx", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat the owner document of an element can become null after garbage\ncollection. In such cases, event listeners may be executed within the\nwrong JavaScript context. 
An attacker could potentially use this\nvulnerability to have a malicious event handler execute arbitrary\nJavaScript with chrome privileges. Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1838", "reference_id": "CVE-2009-1838", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1838" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-29", "reference_id": "mfsa2009-29", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-29" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1122?format=api", "purl": "pkg:mozilla/Firefox@3.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.11" } ], "aliases": [ "CVE-2009-1838" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gkgb-xbu6-93fx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2670?format=api", "vulnerability_id": "VCID-x7gc-qnmk-ebfk", "summary": "Security researchers Adam Barth and Collin\nJackson reported that when a file: resource is\nloaded via the location bar it inherits the principal of the\npreviously loaded document. This vulnerability can potentially give\nthe newly loaded document additional privileges to access the contents\nof other local files that it wouldn't otherwise have permission to read.\nA potential victim would first have to have downloaded the attacker's\ndocument to their local machine. 
Then the victim would have to open another\ndocument in a directory of interest to the attacker before opening the\nattacker's file in the same window.\nPrior to version 3.0, Firefox (like browsers from other\nvendors) treated all local files as having the same origin without\nrestriction. This vulnerability is a partial bypass of the restrictions\nimplemented in Firefox 3.0", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1839", "reference_id": "CVE-2009-1839", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1839" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-30", "reference_id": "mfsa2009-30", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-30" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1122?format=api", "purl": "pkg:mozilla/Firefox@3.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.11" } ], "aliases": [ "CVE-2009-1839" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x7gc-qnmk-ebfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2608?format=api", "vulnerability_id": "VCID-ydxj-aet2-m7b1", "summary": "Mozilla developers and community members identified and fixed\nseveral stability bugs in the browser engine used in Firefox and other\nMozilla-based products. 
Some of these crashes showed evidence of\nmemory corruption under certain circumstances and we presume that with\nenough effort at least some of these could be exploited to run\narbitrary code. Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail. Without further investigation we cannot rule out\nthe possibility that for some of these an attacker might be able to\nprepare memory for exploitation through some means other than\nJavaScript such as large images.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1392", "reference_id": "CVE-2009-1392", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1392" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-24", "reference_id": "mfsa2009-24", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1122?format=api", "purl": "pkg:mozilla/Firefox@3.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.11" } ], "aliases": [ "CVE-2009-1392" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ydxj-aet2-m7b1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2680?format=api", "vulnerability_id": "VCID-yuz9-ee71-u7fa", "summary": "Security researcher Gregory Fleischer reported\nthat local resources loaded via the file: protocol can\naccess any domain's cookies which have been saved on a user's machine.\nFleischer demonstrated that a 
local document's domain was being\ncalculated incorrectly from its URL. If a victim could be persuaded\nto download a malicious file and then open that file in their browser,\nthe malicious file could then steal arbitrary cookies from the\nvictim's computer. Due to the interaction required for this attack,\nthe severity of the issue was determined to be moderate.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1835", "reference_id": "CVE-2009-1835", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1835" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-26", "reference_id": "mfsa2009-26", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-26" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1122?format=api", "purl": "pkg:mozilla/Firefox@3.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.11" } ], "aliases": [ "CVE-2009-1835" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yuz9-ee71-u7fa" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.11" }