{"url":"http://public2.vulnerablecode.io/api/packages/978?format=json","purl":"pkg:mozilla/Thunderbird@3.0.4","type":"mozilla","namespace":"","name":"Thunderbird","version":"3.0.4","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"3.0.5","latest_non_vulnerable_version":"151.0.0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2141?format=json","vulnerability_id":"VCID-4qcc-z8qp-83e5","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that a select event handler for XUL\ntree items could be called after the tree item was deleted. This\nresults in the execution of previously freed memory which an attacker\ncould use to crash a victim's browser and run arbitrary code on the\nvictim's computer.This vulnerability does not affect Firefox 3.6","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0175","reference_id":"CVE-2010-0175","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0175"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-17","reference_id":"mfsa2010-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/978?format=json","purl":"pkg:mozilla/Thunderbird@3.0.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@3.0.4"}],"aliases":["CVE-2010-0175"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4qcc-z8qp-83e5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2203?format=json","vulnerability_id":"VCID-8611-tzyq-e7b3","summary":"Mozilla community member Wladimir Palant reported\nthat XML documents were failing to call certain security checks when\nloading new content. This could result in certain resources being\nloaded that would otherwise violate security policies set by the\nbrowser or installed add-ons.This issue has not been fixed in Firefox 3.0","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0182","reference_id":"CVE-2010-0182","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0182"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-24","reference_id":"mfsa2010-24","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-24"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/978?format=json","purl":"pkg:mozilla/Thunderbird@3.0.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@3.0.4"}],"aliases":["CVE-2010-0182"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8611-tzyq-e7b3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2223?format=json","vulnerability_id":"VCID-atus-ryef-17h1","summary":"Mozilla developers added support in the Network Security Services\nmodule for preventing a type of man-in-the-middle attack against TLS\nusing forced renegotiation.Note that to benefit from the fix, Firefox 3.6 and\nFirefox 3.5 users will need to set\ntheir security.ssl.require_safe_negotiation preference to\ntrue. Firefox 3 does not contain the fix for this issue.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566"},{"reference_url":"https://nginx.org/download/patch.cve-2009-3555.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.cve-2009-3555.txt"},{"reference_url":"https://nginx.org/download/patch.cve-2009-3555.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.cve-2009-3555.txt.asc"},{"reference_url":"https://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[],"url":"https://tomcat.apache.org/security-7.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555","reference_id":"CVE-2009-3555","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3555","reference_id":"CVE-2009-3555","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3555"},{"reference_url":"https://github.com/advisories/GHSA-f7w7-6pjc-wwm6","reference_id":"GHSA-f7w7-6pjc-wwm6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f7w7-6pjc-wwm6"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-22","reference_id":"mfsa2010-22","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-22"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/978?format=json","purl":"pkg:mozilla/Thunderbird@3.0.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@3.0.4"}],"aliases":["CVE-2009-3555","GHSA-f7w7-6pjc-wwm6","VU#120541"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-atus-ryef-17h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2206?format=json","vulnerability_id":"VCID-qq5u-em1p-9kat","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0173","reference_id":"CVE-2010-0173","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0173"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-16","reference_id":"mfsa2010-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-16"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/978?format=json","purl":"pkg:mozilla/Thunderbird@3.0.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@3.0.4"}],"aliases":["CVE-2010-0173"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qq5u-em1p-9kat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2133?format=json","vulnerability_id":"VCID-tr7s-z4p8-jbdn","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative an error in the\nway . In certain cases, the number of\nreferences to an