Lookup for vulnerable packages by Package URL.

Purl pkg:mozilla/Firefox%20ESR@38.8.0
Type mozilla
Namespace
Name Firefox ESR
Version 38.8.0
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 45.1.0
Latest_non_vulnerable_version 140.11.0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-27t5-214b-33g2
vulnerability_id VCID-27t5-214b-33g2
summary
Using Address Sanitizer, security researcher Sascha Just reported a
buffer overflow in the libstagefright library due to issues with the handling of CENC
offsets and the sizes table. This results in a potentially exploitable crash triggerable
through web content.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2814
reference_id CVE-2016-2814
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2814
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2016-44
reference_id mfsa2016-44
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2016-44
fixed_packages
0
url pkg:mozilla/Firefox%20ESR@38.8.0
purl pkg:mozilla/Firefox%20ESR@38.8.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@38.8.0
1
url pkg:mozilla/Firefox%20ESR@45.1.0
purl pkg:mozilla/Firefox%20ESR@45.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@45.1.0
aliases CVE-2016-2814
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-27t5-214b-33g2
1
url VCID-7hry-whqg-97gm
vulnerability_id VCID-7hry-whqg-97gm
summary
Mozilla developers fixed several memory safety bugs in the browser engine used in
Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory
corruption under certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2807
reference_id CVE-2016-2807
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2807
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2016-39
reference_id mfsa2016-39
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2016-39
fixed_packages
0
url pkg:mozilla/Firefox%20ESR@38.8.0
purl pkg:mozilla/Firefox%20ESR@38.8.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@38.8.0
1
url pkg:mozilla/Firefox%20ESR@45.1.0
purl pkg:mozilla/Firefox%20ESR@45.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@45.1.0
aliases CVE-2016-2807
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7hry-whqg-97gm
2
url VCID-fam8-n44k-2qh7
vulnerability_id VCID-fam8-n44k-2qh7
summary
Mozilla developer Tim Taubert used the Address Sanitizer tool and
software fuzzing to discover a use-after-free vulnerability while processing DER encoded
keys in the Network Security Services (NSS) libraries. The vulnerability overwrites the
freed memory with zeroes. This issue has been addressed in NSS 3.21.1, shipping in Firefox
45.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1979
reference_id CVE-2016-1979
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1979
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2016-36
reference_id mfsa2016-36
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2016-36
fixed_packages
0
url pkg:mozilla/Firefox%20ESR@38.8.0
purl pkg:mozilla/Firefox%20ESR@38.8.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@38.8.0
aliases CVE-2016-1979
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fam8-n44k-2qh7
3
url VCID-jwzp-ucfg-wycd
vulnerability_id VCID-jwzp-ucfg-wycd
summary
Security researcher Hanno Böck reported that calculations with
mp_div and mp_exptmod in Network Security Services (NSS) can
produce wrong results in some circumstances. These functions are used within NSS for a
variety of cryptographic division functions, leading to potential cryptographic
weaknesses.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938
reference_id CVE-2016-1938
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2016-07
reference_id mfsa2016-07
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2016-07
fixed_packages
0
url pkg:mozilla/Firefox%20ESR@38.8.0
purl pkg:mozilla/Firefox%20ESR@38.8.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@38.8.0
aliases CVE-2016-1938
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jwzp-ucfg-wycd
4
url VCID-nmg1-t9x3-8kgb
vulnerability_id VCID-nmg1-t9x3-8kgb
summary
The CESG, the Information Security Arm of GCHQ, reported that the
JavaScript .watch() method could be used to overflow the 32-bit generation
count of the underlying HashMap, resulting in a write to an invalid entry. Under the right
conditions this write could lead to arbitrary code execution. The overflow takes
considerable time and a malicious page would require a user to keep it open for the
duration of the attack.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2808
reference_id CVE-2016-2808
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2808
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2016-47
reference_id mfsa2016-47
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2016-47
fixed_packages
0
url pkg:mozilla/Firefox%20ESR@38.8.0
purl pkg:mozilla/Firefox%20ESR@38.8.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@38.8.0
1
url pkg:mozilla/Firefox%20ESR@45.1.0
purl pkg:mozilla/Firefox%20ESR@45.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@45.1.0
aliases CVE-2016-2808
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nmg1-t9x3-8kgb
5
url VCID-s692-wjkg-xkfr
vulnerability_id VCID-s692-wjkg-xkfr
summary Mozilla developer Eric Rescorla reported that a failed allocation during DHE and ECDHE handshakes would lead to a use-after-free vulnerability.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1978
reference_id CVE-2016-1978
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1978
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2016-15
reference_id mfsa2016-15
reference_type
scores
0
value none
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2016-15
fixed_packages
0
url pkg:mozilla/Firefox%20ESR@38.8.0
purl pkg:mozilla/Firefox%20ESR@38.8.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@38.8.0
aliases CVE-2016-1978
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s692-wjkg-xkfr
6
url VCID-werm-rpt3-cuad
vulnerability_id VCID-werm-rpt3-cuad
summary
Security researcher Jordi Chancel discovered a variant of Mozilla Foundation
Security Advisory 2015-136 which was fixed in Firefox 43. In the original bug, it
was possible to read cross-origin URLs following a redirect if
performance.getEntries() was used along with an iframe to host a page.
Navigating back in history through script, content was pulled from the browser cache for
the redirected location instead of going to the original location. In the newly reported
variant issue, it was found that if a browser session was restored, history navigation
would still allow for the same attack as content was restored from the browser cache. This
is a same-origin policy violation and could allow for data theft.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1967
reference_id CVE-2016-1967
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1967
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2016-29
reference_id mfsa2016-29
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2016-29
fixed_packages
0
url pkg:mozilla/Firefox%20ESR@38.8.0
purl pkg:mozilla/Firefox%20ESR@38.8.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@38.8.0
aliases CVE-2016-1967
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-werm-rpt3-cuad
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@38.8.0