{"url":"http://public2.vulnerablecode.io/api/packages/1205?format=json","purl":"pkg:mozilla/Thunderbird@3.1.16","type":"mozilla","namespace":"","name":"Thunderbird","version":"3.1.16","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"3.1.17","latest_non_vulnerable_version":"151.0.0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2832?format=json","vulnerability_id":"VCID-8zvx-szzh-cubm","summary":"Yosuke Hasegawa reported that the Mozilla browser engine\nmishandled invalid sequences in the Shift-JIS encoding. When encountering an\ninvalid pair Mozilla would turn the entire two-byte sequence into a single\nunknown character rather than an unknown character followed by a valid\nsingle-byte character. On some sites attackers may have been able to\nend their input with the first byte of a two byte sequence; when that\ninput was later put into a page context it might cause the following\ndelimiter (such as a double-quote) to be consumed, breaking the format\nof the page.  Depending on the page this could potentially be used to\nsteal data or inject script into the page.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3648","reference_id":"CVE-2011-3648","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3648"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-47","reference_id":"mfsa2011-47","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-47"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1205?format=json","purl":"pkg:mozilla/Thunderbird@3.1.16","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@3.1.16"},{"url":"http://public2.vulnerablecode.io/api/packages/1204?format=json","purl":"pkg:mozilla/Thunderbird@8.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@8.0.0"}],"aliases":["CVE-2011-3648"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8zvx-szzh-cubm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2873?format=json","vulnerability_id":"VCID-xhr9-3tgh-6ubu","summary":"Mozilla security researcher moz_bug_r_a4 reported that\nthe problem described in MFSA 2011-43 and fixed in\nFirefox 7 also affected Firefox 3.6: a malicious page could potentially\nexploit a Firefox user who had installed an add-on that used loadSubscript\nin vulnerable ways.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3647","reference_id":"CVE-2011-3647","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3647"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-46","reference_id":"mfsa2011-46","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-46"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1205?format=json","purl":"pkg:mozilla/Thunderbird@3.1.16","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@3.1.16"}],"aliases":["CVE-2011-3647"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xhr9-3tgh-6ubu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2884?format=json","vulnerability_id":"VCID-xvbn-ap9n-gkh9","summary":"Marc Schoenefeld reported a crash when using Firebug\nto profile a JavaScript file with many functions. It may be possible\nto trigger this crash without the use of debugging APIs, and if so\nthis could be exploitable.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3650","reference_id":"CVE-2011-3650","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3650"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-49","reference_id":"mfsa2011-49","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2011-49"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1205?format=json","purl":"pkg:mozilla/Thunderbird@3.1.16","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@3.1.16"},{"url":"http://public2.vulnerablecode.io/api/packages/1204?format=json","purl":"pkg:mozilla/Thunderbird@8.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@8.0.0"}],"aliases":["CVE-2011-3650"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xvbn-ap9n-gkh9"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@3.1.16"}