Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/2084?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/2084?format=api", "purl": "pkg:alpm/archlinux/firefox@97.0.2-1", "type": "alpm", "namespace": "archlinux", "name": "firefox", "version": "97.0.2-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "98.0-1", "latest_non_vulnerable_version": "101.0-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1862?format=api", "vulnerability_id": "VCID-84eg-x618-8fh1", "summary": "Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.", "references": [ { "reference_url": "https://security.archlinux.org/AVG-2714", "reference_id": "AVG-2714", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2714" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-10", "reference_id": "mfsa2022-10", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-10" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/2085?format=api", "purl": "pkg:alpm/archlinux/firefox@98.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@98.0-1" } ], "aliases": [ "CVE-2022-0843" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-84eg-x618-8fh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1704?format=api", "vulnerability_id": "VCID-dh5x-c794-tqbw", "summary": "If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26381", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26381" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26384", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26384" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26386", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26387", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26387" }, { "reference_url": "https://security.archlinux.org/AVG-2713", "reference_id": "AVG-2713", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2713" }, { "reference_url": "https://security.archlinux.org/AVG-2714", "reference_id": "AVG-2714", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2714" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-10", "reference_id": "mfsa2022-10", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-10" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-11", "reference_id": "mfsa2022-11", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-11" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-12", "reference_id": "mfsa2022-12", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-12" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/2085?format=api", "purl": "pkg:alpm/archlinux/firefox@98.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@98.0-1" } ], "aliases": [ "CVE-2022-26384" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dh5x-c794-tqbw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1705?format=api", "vulnerability_id": "VCID-fn1d-vq36-mkeu", "summary": "When installing an add-on, Thunderbird verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Thunderbird would not have noticed.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26381", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26381" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26384", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26384" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26386", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26387", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26387" }, { "reference_url": "https://security.archlinux.org/AVG-2713", "reference_id": "AVG-2713", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2713" }, { "reference_url": "https://security.archlinux.org/AVG-2714", "reference_id": "AVG-2714", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2714" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-10", "reference_id": "mfsa2022-10", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-10" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-11", "reference_id": "mfsa2022-11", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-11" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-12", "reference_id": "mfsa2022-12", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-12" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/2085?format=api", "purl": "pkg:alpm/archlinux/firefox@98.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@98.0-1" } ], "aliases": [ "CVE-2022-26387" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fn1d-vq36-mkeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1860?format=api", "vulnerability_id": "VCID-fr7u-m88d-bqch", "summary": "While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts. Side-channel attacks on the text by using specially crafted fonts could have lead to this text being inferred by the webpage.", "references": [ { "reference_url": "https://security.archlinux.org/AVG-2714", "reference_id": "AVG-2714", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2714" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-10", "reference_id": "mfsa2022-10", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-10" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/2085?format=api", "purl": "pkg:alpm/archlinux/firefox@98.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@98.0-1" } ], "aliases": [ "CVE-2022-26382" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fr7u-m88d-bqch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1706?format=api", "vulnerability_id": "VCID-s1bx-3697-jqeq", "summary": "An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26381", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26381" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26384", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26384" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26386", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26387", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26387" }, { "reference_url": "https://security.archlinux.org/AVG-2713", "reference_id": "AVG-2713", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2713" }, { "reference_url": "https://security.archlinux.org/AVG-2714", "reference_id": "AVG-2714", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2714" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-10", "reference_id": "mfsa2022-10", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-10" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-11", "reference_id": "mfsa2022-11", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-11" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-12", "reference_id": "mfsa2022-12", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-12" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/2085?format=api", "purl": "pkg:alpm/archlinux/firefox@98.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@98.0-1" } ], "aliases": [ "CVE-2022-26381" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s1bx-3697-jqeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1703?format=api", "vulnerability_id": "VCID-vbwy-936q-27fd", "summary": "When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26381", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26381" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26384", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26384" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26386", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26387", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26387" }, { "reference_url": "https://security.archlinux.org/AVG-2713", "reference_id": "AVG-2713", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2713" }, { "reference_url": "https://security.archlinux.org/AVG-2714", "reference_id": "AVG-2714", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2714" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-10", "reference_id": "mfsa2022-10", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-10" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-11", "reference_id": "mfsa2022-11", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-11" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-12", "reference_id": "mfsa2022-12", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-12" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/2085?format=api", "purl": "pkg:alpm/archlinux/firefox@98.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@98.0-1" } ], "aliases": [ "CVE-2022-26383" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vbwy-936q-27fd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1861?format=api", "vulnerability_id": "VCID-vkmr-zg7z-9qay", "summary": "In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. This could have led to a use-after-free causing a potentially exploitable crash.", "references": [ { "reference_url": "https://security.archlinux.org/AVG-2714", "reference_id": "AVG-2714", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2714" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-10", "reference_id": "mfsa2022-10", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-10" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/2085?format=api", "purl": "pkg:alpm/archlinux/firefox@98.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@98.0-1" } ], "aliases": [ "CVE-2022-26385" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vkmr-zg7z-9qay" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@97.0.2-1" }