{"url":"http://public2.vulnerablecode.io/api/packages/4106?format=json","purl":"pkg:deb/debian/nspr@4.8.6-1%2Bsqueeze1","type":"deb","namespace":"debian","name":"nspr","version":"4.8.6-1+squeeze1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2:4.12-1+debu8u1","latest_non_vulnerable_version":"2:4.12-1+debu8u1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2771?format=json","vulnerability_id":"VCID-2j41-vcxe-w3af","summary":"Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team reported an out of bounds write in the \nNetscape \nPortable Runtime (NSPR) leading to a potentially exploitable crash or code\nexecution. This issue is fixed in NSPR version 4.10.6.\nThis NSPR flaw was not exposed to web content in any shipped version of Firefox.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545","reference_id":"CVE-2014-1545","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-55","reference_id":"mfsa2014-55","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-55"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4108?format=json","purl":"pkg:deb/debian/nspr@2:4.9.2-1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j41-vcxe-w3af"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-qqrz-4j53-d3b8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nspr@2:4.9.2-1%252Bdeb7u3"},{"url":"http://public2.vulnerablecode.io/api/packages/4577?format=json","purl":"pkg:deb/debian/nspr@2:4.10.7-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2sem-6a6r-suem"}],"resource_
url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nspr@2:4.10.7-1"}],"aliases":["CVE-2014-1545"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2j41-vcxe-w3af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2911?format=json","vulnerability_id":"VCID-2sem-6a6r-suem","summary":"Mozilla engineers Tyson Smith and David Keeler\nreported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security\nServices (NSS). These issues were in octet string parsing and were found through fuzzing\nand code inspection. If these issues were triggered, they would lead to a potentially\nexploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in\nFirefox and Firefox ESR, respectively, as well as NSS 3.20.1. Google security engineer Ryan Sleevi reported an integer overflow in\nthe Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation.\nThis leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. 
The NSPR library is a required component of NSS.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183","reference_id":"CVE-2015-7183","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133","reference_id":"mfsa2015-133","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4108?format=json","purl":"pkg:deb/debian/nspr@2:4.9.2-1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j41-vcxe-w3af"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-qqrz-4j53-d3b8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nspr@2:4.9.2-1%252Bdeb7u3"},{"url":"http://public2.vulnerablecode.io/api/packages/4578?format=json","purl":"pkg:deb/debian/nspr@2:4.12-1%2Bdebu8u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nspr@2:4.12-1%252Bdebu8u1"}],"aliases":["CVE-2015-7183"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2sem-6a6r-suem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1984?format=json","vulnerability_id":"VCID-qqrz-4j53-d3b8","summary":"Mozilla has updated the version of Network Security\nServices (NSS) library used in Mozilla projects to NSS 3.15.3 with the\nexception of ESR17-based releases, which have been updated to NSS 3.14.5. 
This\naddresses several moderate to critical rated networking security issues. Google developer Andrew Tinits reported a potentially\nexploitable buffer overflow that was fixed in both NSS 3.15.3 and NSS\n3.14.5.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5607","reference_id":"CVE-2013-5607","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5607"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-103","reference_id":"mfsa2013-103","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-103"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4108?format=json","purl":"pkg:deb/debian/nspr@2:4.9.2-1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j41-vcxe-w3af"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-qqrz-4j53-d3b8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nspr@2:4.9.2-1%252Bdeb7u3"},{"url":"http://public2.vulnerablecode.io/api/packages/4577?format=json","purl":"pkg:deb/debian/nspr@2:4.10.7-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2sem-6a6r-suem"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nspr@2:4.10.7-1"}],"aliases":["CVE-2013-5607"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qqrz-4j53-d3b8"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2627?format=json","vulnerability_id":"VCID-ngse-2y4s-13hs","summary":"Security researcher Alin Rad Pop of Secunia\nResearch reported a heap-based buffer overflow in Mozilla's string to\nfloating point number conversion routines.  
Using this vulnerability\nan attacker could craft some malicious JavaScript code containing a\nvery long string to be converted to a floating point number which\nwould result in improper memory allocation and the execution of an\narbitrary memory location.  This vulnerability could thus be leveraged\nby the attacker to run arbitrary code on a victim's computer. Update: The underlying flaw in the dtoa routines used\nby Mozilla appears to be essentially the same as that reported against the\nlibc gdtoa routine by Maksymilian Arciemowicz.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689","reference_id":"CVE-2009-0689","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-59","reference_id":"mfsa2009-59","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-59"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4106?format=json","purl":"pkg:deb/debian/nspr@4.8.6-1%2Bsqueeze1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j41-vcxe-w3af"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-qqrz-4j53-d3b8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nspr@4.8.6-1%252Bsqueeze1"}],"aliases":["CVE-2009-0689"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ngse-2y4s-13hs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2170?format=json","vulnerability_id":"VCID-zp8z-8z1b-3fep","summary":"Mozilla developers took fixes from previously fixed memory safety\nbugs in newer Mozilla-based products and ported them to the Mozilla\n1.8.1 branch so they can be utilized by Thunderbird 2 and 
SeaMonkey\n1.1.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2463","reference_id":"CVE-2009-2463","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2463"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34","reference_id":"mfsa2009-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-34"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-07","reference_id":"mfsa2010-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-07"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4106?format=json","purl":"pkg:deb/debian/nspr@4.8.6-1%2Bsqueeze1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j41-vcxe-w3af"},{"vulnerability":"VCID-2sem-6a6r-suem"},{"vulnerability":"VCID-qqrz-4j53-d3b8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nspr@4.8.6-1%252Bsqueeze1"}],"aliases":["CVE-2009-2463"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zp8z-8z1b-3fep"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nspr@4.8.6-1%252Bsqueeze1"}