Lookup for vulnerable packages by Package URL.

Purl pkg:mozilla/Thunderbird@3.1.16
Type mozilla
Namespace
Name Thunderbird
Version 3.1.16
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 3.1.17
Latest_non_vulnerable_version 151.0.0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-8zvx-szzh-cubm
vulnerability_id VCID-8zvx-szzh-cubm
summary
Yosuke Hasegawa reported that the Mozilla browser engine
mishandled invalid sequences in the Shift-JIS encoding. When encountering an
invalid pair Mozilla would turn the entire two-byte sequence into a single
unknown character rather than an unknown character followed by a valid
single-byte character. On some sites attackers may have been able to
end their input with the first byte of a two byte sequence; when that
input was later put into a page context it might cause the following
delimiter (such as a double-quote) to be consumed, breaking the format
of the page. Depending on the page this could potentially be used to
steal data or inject script into the page.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3648
reference_id CVE-2011-3648
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3648
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2011-47
reference_id mfsa2011-47
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2011-47
fixed_packages
0
url pkg:mozilla/Thunderbird@3.1.16
purl pkg:mozilla/Thunderbird@3.1.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@3.1.16
1
url pkg:mozilla/Thunderbird@8.0.0
purl pkg:mozilla/Thunderbird@8.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@8.0.0
aliases CVE-2011-3648
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8zvx-szzh-cubm
1
url VCID-xhr9-3tgh-6ubu
vulnerability_id VCID-xhr9-3tgh-6ubu
summary
Mozilla security researcher moz_bug_r_a4 reported that
the problem described in MFSA 2011-43 and fixed in
Firefox 7 also affected Firefox 3.6: a malicious page could potentially
exploit a Firefox user who had installed an add-on that used loadSubscript
in vulnerable ways.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3647
reference_id CVE-2011-3647
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3647
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2011-46
reference_id mfsa2011-46
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2011-46
fixed_packages
0
url pkg:mozilla/Thunderbird@3.1.16
purl pkg:mozilla/Thunderbird@3.1.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@3.1.16
aliases CVE-2011-3647
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xhr9-3tgh-6ubu
2
url VCID-xvbn-ap9n-gkh9
vulnerability_id VCID-xvbn-ap9n-gkh9
summary
Marc Schoenefeld reported a crash when using Firebug
to profile a JavaScript file with many functions. It may be possible
to trigger this crash without the use of debugging APIs, and if so
this could be exploitable.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3650
reference_id CVE-2011-3650
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3650
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2011-49
reference_id mfsa2011-49
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2011-49
fixed_packages
0
url pkg:mozilla/Thunderbird@3.1.16
purl pkg:mozilla/Thunderbird@3.1.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@3.1.16
1
url pkg:mozilla/Thunderbird@8.0.0
purl pkg:mozilla/Thunderbird@8.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@8.0.0
aliases CVE-2011-3650
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xvbn-ap9n-gkh9
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@3.1.16