Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:mozilla/Firefox%20ESR@31.7.0
Typemozilla
Namespace
NameFirefox ESR
Version31.7.0
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version31.8.0
Latest_non_vulnerable_version140.11.0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-2u3s-8pqy-27gd
vulnerability_id VCID-2u3s-8pqy-27gd
summary 
Security researcher Aki Helin used the Address Sanitizer
tool to find a buffer overflow during video playback on Linux systems. This was
due to a problem in older versions of the Gstreamer plugin during the parsing of
H.264 formatted video. This issue could be used to induce a possibly exploitable
crash.
This issue does not affect the current 1.0 version of Gstreamer
and does not affect Windows or OS X systems.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0797
reference_id CVE-2015-0797
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0797
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2015-47
reference_id mfsa2015-47
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2015-47
fixed_packages
0
url pkg:mozilla/Firefox%20ESR@31.7.0
purl pkg:mozilla/Firefox%20ESR@31.7.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@31.7.0
aliases CVE-2015-0797
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2u3s-8pqy-27gd
1
url VCID-g4jc-hh17-wbex
vulnerability_id VCID-g4jc-hh17-wbex
summary 
Mozilla developers and community identified and fixed several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based products.
Some of these bugs showed evidence of memory corruption under certain
circumstances, and we presume that with enough effort at least some of these
could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the
Thunderbird product because scripting is disabled, but are potentially a risk in
browser or browser-like contexts.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2708
reference_id CVE-2015-2708
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2708
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2015-46
reference_id mfsa2015-46
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2015-46
fixed_packages
0
url pkg:mozilla/Firefox%20ESR@31.7.0
purl pkg:mozilla/Firefox%20ESR@31.7.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@31.7.0
aliases CVE-2015-2708
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g4jc-hh17-wbex
2
url VCID-gj9v-hz2y-j3h2
vulnerability_id VCID-gj9v-hz2y-j3h2
summary 
Using the Address Sanitizer tool, security researcher Atte
Kettunen found a buffer overflow during the rendering of SVG format
graphics when combined with specific CSS properties on a page. This results in a
potentially exploitable crash.
In general this flaw cannot be exploited through email in the
Thunderbird product because scripting is disabled, but is potentially a risk in
browser or browser-like contexts.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2710
reference_id CVE-2015-2710
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2710
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2015-48
reference_id mfsa2015-48
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2015-48
fixed_packages
0
url pkg:mozilla/Firefox%20ESR@31.7.0
purl pkg:mozilla/Firefox%20ESR@31.7.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@31.7.0
aliases CVE-2015-2710
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gj9v-hz2y-j3h2
3
url VCID-nzaw-bp6y-qkbq
vulnerability_id VCID-nzaw-bp6y-qkbq
summary 
Security researcher Ucha Gobejishvili used the Address
Sanitizer tool to find a buffer overflow while parsing compressed XML content.
This was due to an error in how buffer space is created and modified when
handling large amounts of XML data. This results in a potentially exploitable
crash.
In general this flaw cannot be exploited through email in the
Thunderbird product because scripting is disabled, but is potentially a risk in
browser or browser-like contexts.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716
reference_id CVE-2015-2716
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2015-54
reference_id mfsa2015-54
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2015-54
fixed_packages
0
url pkg:mozilla/Firefox%20ESR@31.7.0
purl pkg:mozilla/Firefox%20ESR@31.7.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@31.7.0
aliases CVE-2015-2716
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nzaw-bp6y-qkbq
4
url VCID-sm73-ujuw-z7cy
vulnerability_id VCID-sm73-ujuw-z7cy
summary 
Security researcher Scott Bell used the Address Sanitizer
tool to discover a use-after-free error during the processing of text when
vertical text is enabled. This leads to a potentially exploitable crash.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2713
reference_id CVE-2015-2713
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2713
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2015-51
reference_id mfsa2015-51
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2015-51
fixed_packages
0
url pkg:mozilla/Firefox%20ESR@31.7.0
purl pkg:mozilla/Firefox%20ESR@31.7.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@31.7.0
aliases CVE-2015-2713
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sm73-ujuw-z7cy
5
url VCID-yff7-y65u-2fbt
vulnerability_id VCID-yff7-y65u-2fbt
summary 
Mozilla Developer Jed Davis and Mozilla security engineer
Christoph Diehl reported that Mozilla had inherited a
Inter-process Communication (IPC) vulnerability when IPC was introduced into
Mozilla products through third-party code. This could allow for privilege
escalation through IPC channels due to lack of message validation in the
listener process. 
This issue only affects systems running Windows, leaving Linux
and OS X unaffected.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3079
reference_id CVE-2011-3079
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3079
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2015-57
reference_id mfsa2015-57
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2015-57
fixed_packages
0
url pkg:mozilla/Firefox%20ESR@31.7.0
purl pkg:mozilla/Firefox%20ESR@31.7.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@31.7.0
aliases CVE-2011-3079
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yff7-y65u-2fbt
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@31.7.0