Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:mozilla/Firefox@36.0.3

Type mozilla

Namespace

Name Firefox

Version 36.0.3

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 36.0.4

Latest_non_vulnerable_version 151.0.0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-q89v-v5au-w7a1

vulnerability_id VCID-q89v-v5au-w7a1

summary

Security researcher ilxu1a reported, through HP Zero Day
Initiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array
bounds checking in JavaScript just-in-time compilation (JIT) and its management
of bounds checking for heap access. This flaw can be leveraged into the reading
and writing of memory allowing for arbitrary code execution on the local system.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817
reference_id	CVE-2015-0817
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2015-29

reference_id

mfsa2015-29

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2015-29

fixed_packages

url	pkg:mozilla/Firefox@36.0.3
purl	pkg:mozilla/Firefox@36.0.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@36.0.3

aliases CVE-2015-0817

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q89v-v5au-w7a1

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@36.0.3

Package Instance