{"url":"http://public2.vulnerablecode.io/api/packages/979?format=json","purl":"pkg:mozilla/SeaMonkey@2.0.4","type":"mozilla","namespace":"","name":"SeaMonkey","version":"2.0.4","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.0.5","latest_non_vulnerable_version":"2.38.0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2141?format=json","vulnerability_id":"VCID-4qcc-z8qp-83e5","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative that a select event handler for XUL\ntree items could be called after the tree item was deleted.  This\nresults in the execution of previously freed memory which an attacker\ncould use to crash a victim's browser and run arbitrary code on the\nvictim's computer.This vulnerability does not affect Firefox 3.6","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0175","reference_id":"CVE-2010-0175","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0175"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-17","reference_id":"mfsa2010-17","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/979?format=json","purl":"pkg:mozilla/SeaMonkey@2.0.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.4"}],"aliases":["CVE-2010-0175"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4qcc-z8qp-83e5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2203?format=json","vulnerability_id":"VCID-8611-tzyq-e7b3","summary":"Mozilla community member Wladimir Palant reported\nthat XML documents were failing to call certain security checks when\nloading new content.  This could result in certain resources being\nloaded that would otherwise violate security policies set by the\nbrowser or installed add-ons.This issue has not been fixed in Firefox 3.0","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0182","reference_id":"CVE-2010-0182","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0182"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-24","reference_id":"mfsa2010-24","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-24"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/979?format=json","purl":"pkg:mozilla/SeaMonkey@2.0.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.4"}],"aliases":["CVE-2010-0182"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8611-tzyq-e7b3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2189?format=json","vulnerability_id":"VCID-8nnr-7fr7-gbc6","summary":"phpBB developer Henry Sudhof reported that when an\nimage tag points to a resource that redirects to\na mailto: URL, the external mail handler application is\nlaunched.  This issue poses no security threat to users but could\ncreate an annoyance when browsing a site that allows users to post\narbitrary images.This issue has not been fixed in Firefox 3.0","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0181","reference_id":"CVE-2010-0181","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0181"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-23","reference_id":"mfsa2010-23","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-23"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/979?format=json","purl":"pkg:mozilla/SeaMonkey@2.0.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.4"}],"aliases":["CVE-2010-0181"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8nnr-7fr7-gbc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2223?format=json","vulnerability_id":"VCID-atus-ryef-17h1","summary":"Mozilla developers added support in the Network Security Services\nmodule for preventing a type of man-in-the-middle attack against TLS\nusing forced renegotiation.Note that to benefit from the fix, Firefox 3.6 and\nFirefox 3.5 users will need to set\ntheir security.ssl.require_safe_negotiation preference to\ntrue.  Firefox 3 does not contain the fix for this issue.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555","reference_id":"CVE-2009-3555","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-22","reference_id":"mfsa2010-22","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-22"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/979?format=json","purl":"pkg:mozilla/SeaMonkey@2.0.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.4"}],"aliases":["CVE-2009-3555"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-atus-ryef-17h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2232?format=json","vulnerability_id":"VCID-ccxj-6r97-9uac","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative an error in the implementation of\nthe window.navigator.plugins object.  When a page\nreloads, the plugins array would reallocate all of its members without\nchecking for existing references to each member.  This could result in\nthe deletion of objects for which valid pointers still exist.  An\nattacker could use this vulnerability to crash a victim's browser and\nrun arbitrary code on the victim's machine.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0177","reference_id":"CVE-2010-0177","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0177"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-19","reference_id":"mfsa2010-19","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-19"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/979?format=json","purl":"pkg:mozilla/SeaMonkey@2.0.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.4"}],"aliases":["CVE-2010-0177"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ccxj-6r97-9uac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2206?format=json","vulnerability_id":"VCID-qq5u-em1p-9kat","summary":"Mozilla developers identified and fixed several stability bugs in\nthe browser engine used in Firefox and other Mozilla-based\nproducts. Some of these crashes showed evidence of memory corruption\nunder certain circumstances, and we presume that with enough effort at\nleast some of these could be exploited to run arbitrary code.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0173","reference_id":"CVE-2010-0173","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0173"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-16","reference_id":"mfsa2010-16","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-16"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/979?format=json","purl":"pkg:mozilla/SeaMonkey@2.0.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.4"}],"aliases":["CVE-2010-0173"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qq5u-em1p-9kat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2133?format=json","vulnerability_id":"VCID-tr7s-z4p8-jbdn","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative an error in the\nway <option> elements are inserted into a XUL\ntree <optgroup>.  In certain cases, the number of\nreferences to an <option> element is under-counted so\nthat when the element is deleted, a live pointer to its old location\nis kept around and may later be used.  An attacker could potentially\nuse these conditions to run arbitrary code on a victim's computer.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0176","reference_id":"CVE-2010-0176","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0176"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-18","reference_id":"mfsa2010-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-18"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/979?format=json","purl":"pkg:mozilla/SeaMonkey@2.0.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.4"}],"aliases":["CVE-2010-0176"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tr7s-z4p8-jbdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2208?format=json","vulnerability_id":"VCID-w9jx-nwdg-8yaw","summary":"Security researcher Paul Stone reported that a\nbrowser applet could be used to turn a simple mouse click into a\ndrag-and-drop action, potentially resulting in the unintended loading\nof resources in a user's browser.  This behavior could be used twice\nin succession to first load a privileged chrome: URL in a\nvictim's browser, then load a malicious javascript: URL\non top of the same document resulting in arbitrary script execution\nwith chrome privileges.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0178","reference_id":"CVE-2010-0178","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0178"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-20","reference_id":"mfsa2010-20","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/979?format=json","purl":"pkg:mozilla/SeaMonkey@2.0.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.4"}],"aliases":["CVE-2010-0178"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w9jx-nwdg-8yaw"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.4"}