{"url":"http://public2.vulnerablecode.io/api/packages/960?format=json","purl":"pkg:mozilla/Firefox%20ESR@17.0.3","type":"mozilla","namespace":"","name":"Firefox ESR","version":"17.0.3","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"17.0.4","latest_non_vulnerable_version":"140.11.0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2027?format=json","vulnerability_id":"VCID-28dv-1huw-suav","summary":"Google security researcher Michal Zalewski reported an issue\nwhere the browser displayed the content of a proxy's 407 response if a user\ncanceled the proxy's authentication prompt. In this circumstance, the addressbar\nwill continue to show the requested site's address, including HTTPS addresses\nthat appear to be secure. This spoofing of addresses can be used for phishing\nattacks by fooling users into entering credentials, for example.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those 
products.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0776","reference_id":"CVE-2013-0776","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0776"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-27","reference_id":"mfsa2013-27","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-27"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/960?format=json","purl":"pkg:mozilla/Firefox%20ESR@17.0.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.3"}],"aliases":["CVE-2013-0776"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-28dv-1huw-suav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2062?format=json","vulnerability_id":"VCID-5vx2-bbg6-dqc7","summary":"Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. 
Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code. In general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0783","reference_id":"CVE-2013-0783","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0783"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-21","reference_id":"mfsa2013-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/960?format=json","purl":"pkg:mozilla/Firefox%20ESR@17.0.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.3"}],"aliases":["CVE-2013-0783"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5vx2-bbg6-dqc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2093?format=json","vulnerability_id":"VCID-61wu-gztf-9kcw","summary":"Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team used the Address Sanitizer tool to discover a series of\nuse-after-free, out of bounds read, and buffer overflow problems rated as low to\ncritical security issues in shipped software. Some of these issues are\npotentially exploitable, allowing for remote code execution. 
We would also like\nto thank Abhishek for reporting four additional use-after-free and out of bounds\nwrite flaws introduced during Firefox development that were fixed before general\nrelease. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0780","reference_id":"CVE-2013-0780","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0780"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-28","reference_id":"mfsa2013-28","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/960?format=json","purl":"pkg:mozilla/Firefox%20ESR@17.0.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.3"}],"aliases":["CVE-2013-0780"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-61wu-gztf-9kcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2051?format=json","vulnerability_id":"VCID-aper-acm9-6qf8","summary":"Mozilla security researcher Frederik Braun discovered that\nsince Firefox 15 the file system location of the active browser profile was\navailable to JavaScript workers. 
While not dangerous by itself, this could\npotentially be combined with other vulnerabilities to target the profile in an\nattack.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0774","reference_id":"CVE-2013-0774","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0774"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-25","reference_id":"mfsa2013-25","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-25"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/960?format=json","purl":"pkg:mozilla/Firefox%20ESR@17.0.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.3"}],"aliases":["CVE-2013-0774"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aper-acm9-6qf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2128?format=json","vulnerability_id":"VCID-p443-392w-cbgu","summary":"Mozilla developer Bobby Holley discovered that it was\npossible to bypass some protections in Chrome Object Wrappers (COW) and System\nOnly Wrappers (SOW), making their prototypes mutable by web content. 
This could\nbe used to leak information from chrome objects and possibly allow for arbitrary\ncode execution.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0773","reference_id":"CVE-2013-0773","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0773"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-24","reference_id":"mfsa2013-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-24"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/960?format=json","purl":"pkg:mozilla/Firefox%20ESR@17.0.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.3"}],"aliases":["CVE-2013-0773"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p443-392w-cbgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2022?format=json","vulnerability_id":"VCID-rr13-9bgc-77g1","summary":"Security researcher Nils reported a use-after-free in\nnsImageLoadingContent when content script is executed. 
This could\nallow for arbitrary code execution.\nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0775","reference_id":"CVE-2013-0775","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0775"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-26","reference_id":"mfsa2013-26","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-26"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/960?format=json","purl":"pkg:mozilla/Firefox%20ESR@17.0.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.3"}],"aliases":["CVE-2013-0775"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rr13-9bgc-77g1"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.3"}