{"url":"http://public2.vulnerablecode.io/api/packages/963?format=json","purl":"pkg:mozilla/Firefox%20ESR@10.0.12","type":"mozilla","namespace":"","name":"Firefox ESR","version":"10.0.12","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"17.0.1","latest_non_vulnerable_version":"140.11.0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2059?format=json","vulnerability_id":"VCID-21yt-shbz-6qec","summary":"Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0769","reference_id":"CVE-2013-0769","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0769"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-01","reference_id":"mfsa2013-01","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/963?format=json","purl":"pkg:mozilla/Firefox%20ESR@10.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@10.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/914?format=json","purl":"pkg:mozilla/Firefox%20ESR@17.0.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.2"}],"aliases":["CVE-2013-0769"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-21yt-shbz-6qec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2102?format=json","vulnerability_id":"VCID-6tpm-suyb-hkgt","summary":"Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free in XMLSerializer by the exposing of serializeToStream to web content. This can lead to arbitrary code execution when exploited. \nIn general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0753","reference_id":"CVE-2013-0753","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0753"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-16","reference_id":"mfsa2013-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-16"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/963?format=json","purl":"pkg:mozilla/Firefox%20ESR@10.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@10.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/914?format=json","purl":"pkg:mozilla/Firefox%20ESR@17.0.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.2"}],"aliases":["CVE-2013-0753"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6tpm-suyb-hkgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2384?format=json","vulnerability_id":"VCID-a3yp-gt8d-9qaw","summary":"Security researcher Robert Kugler reported that when a specifically named DLL file on a Windows computer is placed in the default downloads directory with the Firefox installer, the Firefox installer will load this DLL when it is launched. In circumstances where the installer is run by an administrator privileged account, this allows for the downloaded DLL file to be run with administrator privileges. This can lead to arbitrary code execution from a privileged account. \nAdditional vulnerable DLL file names were found and fixed in Firefox 18.0, Firefox ESR 17.0.1, and Firefox ESR 10.0.12 releases.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4206","reference_id":"CVE-2012-4206","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4206"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-98","reference_id":"mfsa2012-98","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-98"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/966?format=json","purl":"pkg:mozilla/Firefox%20ESR@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@10.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/963?format=json","purl":"pkg:mozilla/Firefox%20ESR@10.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@10.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/1085?format=json","purl":"pkg:mozilla/Firefox%20ESR@17.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.1"}],"aliases":["CVE-2012-4206"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a3yp-gt8d-9qaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2041?format=json","vulnerability_id":"VCID-av5g-zrar-auag","summary":"Security researcher pa_kt reported a flaw via TippingPoint's Zero Day Initiative that an integer overflow is possible when calculating the length for a Javascript string concatenation, which is then used for memory allocation. This results in a buffer overflow, leading to a potentially exploitable memory corruption.\nIn general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0750","reference_id":"CVE-2013-0750","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0750"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-12","reference_id":"mfsa2013-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-12"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/963?format=json","purl":"pkg:mozilla/Firefox%20ESR@10.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@10.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/914?format=json","purl":"pkg:mozilla/Firefox%20ESR@17.0.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.2"}],"aliases":["CVE-2013-0750"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-av5g-zrar-auag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2067?format=json","vulnerability_id":"VCID-bpt7-93kb-77aw","summary":"Mozilla developer Boris Zbarsky reported reported a problem where jsval-returning quickstubs fail to wrap their return values, causing a compartment mismatch. This mismatch can cause garbage collection to occur incorrectly and lead to a potentially exploitable crash.\nIn general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0746","reference_id":"CVE-2013-0746","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0746"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-09","reference_id":"mfsa2013-09","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/963?format=json","purl":"pkg:mozilla/Firefox%20ESR@10.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@10.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/914?format=json","purl":"pkg:mozilla/Firefox%20ESR@17.0.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.2"}],"aliases":["CVE-2013-0746"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bpt7-93kb-77aw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2042?format=json","vulnerability_id":"VCID-fu8u-aber-e7de","summary":"Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series critically rated of use-after-free, out of bounds read, and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting three additional user-after-free and out of bounds read flaws introduced during Firefox development that were fixed before general release. \nIn general these flaws cannot be exploited through email in the\nThunderbird and SeaMonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0760","reference_id":"CVE-2013-0760","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0760"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-02","reference_id":"mfsa2013-02","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/966?format=json","purl":"pkg:mozilla/Firefox%20ESR@10.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@10.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/963?format=json","purl":"pkg:mozilla/Firefox%20ESR@10.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@10.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/914?format=json","purl":"pkg:mozilla/Firefox%20ESR@17.0.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.2"}],"aliases":["CVE-2013-0760"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fu8u-aber-e7de"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2084?format=json","vulnerability_id":"VCID-g446-xsu4-zqhh","summary":"Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered that the combination of large numbers of columns and column groups in a table could cause the array containing the columns during rendering to overwrite itself. This can lead to a user-after-free causing a potentially exploitable crash.\nIn general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0744","reference_id":"CVE-2013-0744","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0744"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-05","reference_id":"mfsa2013-05","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/963?format=json","purl":"pkg:mozilla/Firefox%20ESR@10.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@10.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/914?format=json","purl":"pkg:mozilla/Firefox%20ESR@17.0.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.2"}],"aliases":["CVE-2013-0744"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g446-xsu4-zqhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2088?format=json","vulnerability_id":"VCID-mkma-rkxf-7yet","summary":"Mozilla security researcher Jesse Ruderman discovered that using the toString function of XBL objects can lead to inappropriate information leakage by revealing the address space layout instead of just the ID of the object. This layout information could potentially be used to bypass ASLR and other security protections.\nIn general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0748","reference_id":"CVE-2013-0748","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0748"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-11","reference_id":"mfsa2013-11","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/963?format=json","purl":"pkg:mozilla/Firefox%20ESR@10.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@10.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/914?format=json","purl":"pkg:mozilla/Firefox%20ESR@17.0.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.2"}],"aliases":["CVE-2013-0748"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mkma-rkxf-7yet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2033?format=json","vulnerability_id":"VCID-neyp-pa6t-hyee","summary":"Security researcher Mariusz Mlynski reported that it is possible to open a chrome privileged web page through plugin objects through interaction with SVG elements. This could allow for arbitrary code execution.\nIn general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0758","reference_id":"CVE-2013-0758","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0758"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-15","reference_id":"mfsa2013-15","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/963?format=json","purl":"pkg:mozilla/Firefox%20ESR@10.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@10.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/914?format=json","purl":"pkg:mozilla/Firefox%20ESR@17.0.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.2"}],"aliases":["CVE-2013-0758"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-neyp-pa6t-hyee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2078?format=json","vulnerability_id":"VCID-snyz-htg6-xufw","summary":"Security researcher Masato Kinugawa found a flaw in which the displayed URL values within the addressbar can be spoofed by a page during loading. This allows for phishing attacks where a malicious page can spoof the identify of another site. \nIn general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0759","reference_id":"CVE-2013-0759","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0759"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-04","reference_id":"mfsa2013-04","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/963?format=json","purl":"pkg:mozilla/Firefox%20ESR@10.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@10.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/914?format=json","purl":"pkg:mozilla/Firefox%20ESR@17.0.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.2"}],"aliases":["CVE-2013-0759"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-snyz-htg6-xufw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2104?format=json","vulnerability_id":"VCID-vsv8-huax-r3a6","summary":"Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free within the ListenerManager when garbage collection is forced after data in listener objects have been allocated in some circumstances. This results in a use-after-free which can lead to arbitrary code execution.\nIn general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0754","reference_id":"CVE-2013-0754","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0754"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-17","reference_id":"mfsa2013-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/963?format=json","purl":"pkg:mozilla/Firefox%20ESR@10.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@10.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/914?format=json","purl":"pkg:mozilla/Firefox%20ESR@17.0.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.2"}],"aliases":["CVE-2013-0754"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vsv8-huax-r3a6"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@10.0.12"}