Look up vulnerable packages by Package URL.

GET /api/packages/1146?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/1146?format=api",
    "purl": "pkg:mozilla/Firefox@29.0.0",
    "type": "mozilla",
    "namespace": "",
    "name": "Firefox",
    "version": "29.0.0",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": false,
    "next_non_vulnerable_version": "30.0.0",
    "latest_non_vulnerable_version": "151.0.0",
    "affected_by_vulnerabilities": [],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2727?format=api",
            "vulnerability_id": "VCID-2abx-thsg-bbdn",
            "summary": "Security researchers Tyson Smith and Jesse\nSchwartzentruber of the BlackBerry Security Automated Analysis Team\nused the Address Sanitizer tool while fuzzing to discover a use-after-free\nduring host resolution in some circumstances. This leads to a potentially\nexploitable crash.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1532",
                    "reference_id": "CVE-2014-1532",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1532"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-46",
                    "reference_id": "mfsa2014-46",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-46"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1146?format=api",
                    "purl": "pkg:mozilla/Firefox@29.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@29.0.0"
                }
            ],
            "aliases": [
                "CVE-2014-1532"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2abx-thsg-bbdn"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2697?format=api",
            "vulnerability_id": "VCID-6xzj-rz52-k3gq",
            "summary": "Security researcher Ash reported an out of bounds read issue\nwith Web Audio. This issue could allow for web content to trigger crashes that\nare potentially exploitable.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1522",
                    "reference_id": "CVE-2014-1522",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1522"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-36",
                    "reference_id": "mfsa2014-36",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-36"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1146?format=api",
                    "purl": "pkg:mozilla/Firefox@29.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@29.0.0"
                }
            ],
            "aliases": [
                "CVE-2014-1522"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6xzj-rz52-k3gq"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2782?format=api",
            "vulnerability_id": "VCID-7vbu-djnz-8yge",
            "summary": "Security researcher Juho Nurminen reported that on Firefox\nfor Android, when the addressbar has been scrolled off screen, an attacker can\nprevent it from rendering again through the use of script interacting DOM\nevents. This allows an attacker to present a fake addressbar to the user,\npossibly leading to successful phishing attacks.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1527",
                    "reference_id": "CVE-2014-1527",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1527"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-40",
                    "reference_id": "mfsa2014-40",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "none",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-40"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1146?format=api",
                    "purl": "pkg:mozilla/Firefox@29.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@29.0.0"
                }
            ],
            "aliases": [
                "CVE-2014-1527"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7vbu-djnz-8yge"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2729?format=api",
            "vulnerability_id": "VCID-bzv3-5jce-2fam",
            "summary": "Security researcher Nils discovered a use-after-free error\nin which the imgLoader object is freed while an image is being\nresized. This results in a potentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but is\npotentially a risk in browser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1531",
                    "reference_id": "CVE-2014-1531",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1531"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-44",
                    "reference_id": "mfsa2014-44",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-44"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1146?format=api",
                    "purl": "pkg:mozilla/Firefox@29.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@29.0.0"
                }
            ],
            "aliases": [
                "CVE-2014-1531"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bzv3-5jce-2fam"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2719?format=api",
            "vulnerability_id": "VCID-c4mc-49k8-7kfz",
            "summary": "Mozilla security researcher moz_bug_r_a4 reported a method\nto use browser navigations through history to load a website with that page's\nbaseURI property pointing to that of another site instead of the seemingly\nloaded one. The user will continue to see the incorrect site in the addressbar\nof the browser. This allows for a cross-site scripting (XSS) attack or the theft\nof data through a phishing attack. \nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but is\npotentially a risk in browser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1530",
                    "reference_id": "CVE-2014-1530",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1530"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-43",
                    "reference_id": "mfsa2014-43",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-43"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1146?format=api",
                    "purl": "pkg:mozilla/Firefox@29.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@29.0.0"
                }
            ],
            "aliases": [
                "CVE-2014-1530"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c4mc-49k8-7kfz"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2788?format=api",
            "vulnerability_id": "VCID-c8wr-e73p-qyaf",
            "summary": "Mozilla developers and community identified and fixed several\nmemory safety bugs in the browser engine used in Firefox and other Mozilla-based\nproducts. Some of these bugs showed evidence of memory corruption under certain\ncircumstances, and we presume that with enough effort at least some of these\ncould be exploited to run arbitrary code. In general these flaws cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1518",
                    "reference_id": "CVE-2014-1518",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1518"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-34",
                    "reference_id": "mfsa2014-34",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-34"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1146?format=api",
                    "purl": "pkg:mozilla/Firefox@29.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@29.0.0"
                }
            ],
            "aliases": [
                "CVE-2014-1518"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c8wr-e73p-qyaf"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2763?format=api",
            "vulnerability_id": "VCID-dvah-yevw-quhe",
            "summary": "Security researcher  Christian Heimes reported that the Network Security\nServices (NSS) library does not handle IDNA domain prefixes according to RFC 6125 for wildcard\ncertificates. This leads to improper wildcard matching of domains when they\nshould not be matched in compliance with the specification. This issue was fixed\nin NSS version 3.16.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492",
                    "reference_id": "CVE-2014-1492",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-45",
                    "reference_id": "mfsa2014-45",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "none",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-45"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1146?format=api",
                    "purl": "pkg:mozilla/Firefox@29.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@29.0.0"
                }
            ],
            "aliases": [
                "CVE-2014-1492"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dvah-yevw-quhe"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2774?format=api",
            "vulnerability_id": "VCID-j3wh-hsad-dbhr",
            "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team used the Address Sanitizer tool to discover a buffer\noverflow when a script uses a non-XBL object as an XBL object because the XBL\nstatus of the object is not properly validated. The resulting memory corruption\nis potentially exploitable.  \nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but is\npotentially a risk in browser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1524",
                    "reference_id": "CVE-2014-1524",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1524"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-38",
                    "reference_id": "mfsa2014-38",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-38"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1146?format=api",
                    "purl": "pkg:mozilla/Firefox@29.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@29.0.0"
                }
            ],
            "aliases": [
                "CVE-2014-1524"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j3wh-hsad-dbhr"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2705?format=api",
            "vulnerability_id": "VCID-jjau-wrpx-t7ea",
            "summary": "Security researcher Ash reported an issue affecting the\nMozilla Maintenance Service on Windows systems. The Mozilla Maintenance Service\ninstaller writes to a temporary directory created during the update process\nwhich is writable by users. If malicious DLL files are placed within this\ndirectory during the update process, these DLL files can run in a privileged\ncontext through the Mozilla Maintenance Service's privileges, allowing for local\nprivilege escalation. \nThis issue does not affect Linux or OS X users and is confined\nto Windows.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1520",
                    "reference_id": "CVE-2014-1520",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1520"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-35",
                    "reference_id": "mfsa2014-35",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-35"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1146?format=api",
                    "purl": "pkg:mozilla/Firefox@29.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@29.0.0"
                }
            ],
            "aliases": [
                "CVE-2014-1520"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jjau-wrpx-t7ea"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2756?format=api",
            "vulnerability_id": "VCID-kcz7-3gz8-jkhh",
            "summary": "Using the Address Sanitizer tool, security researcher Abhishek\nArya (Inferno) of the Google Chrome Security Team found a\nuse-after-free  in the Text Track Manager while processing HTML video. This was\ncaused by inconsistent garbage collection of Text Track Manager variables and\nresults in a potentially exploitable crash.\nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but is\npotentially a risk in browser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1525",
                    "reference_id": "CVE-2014-1525",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1525"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-39",
                    "reference_id": "mfsa2014-39",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-39"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1146?format=api",
                    "purl": "pkg:mozilla/Firefox@29.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@29.0.0"
                }
            ],
            "aliases": [
                "CVE-2014-1525"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kcz7-3gz8-jkhh"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2690?format=api",
            "vulnerability_id": "VCID-r82z-rbap-suh2",
            "summary": "Security researcher Mariusz Mlynski discovered an issue\nwhere sites that have been given notification permissions by a user can bypass\nsecurity checks on source components for the Web Notification API. This allows\nfor script to be run in a privileged context through notifications, leading to\narbitrary code execution on these sites.\nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but is\npotentially a risk in browser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1529",
                    "reference_id": "CVE-2014-1529",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1529"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-42",
                    "reference_id": "mfsa2014-42",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "critical",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-42"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1146?format=api",
                    "purl": "pkg:mozilla/Firefox@29.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@29.0.0"
                }
            ],
            "aliases": [
                "CVE-2014-1529"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r82z-rbap-suh2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2749?format=api",
            "vulnerability_id": "VCID-rcjg-u9ug-7kgs",
            "summary": "Mozilla developer Boris Zbarsky discovered that the debugger\nwill work with some objects while bypassing XrayWrappers. This could lead to\nprivilege escalation if the victim used the debugger to interact with a\nmalicious page.\nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but is\npotentially a risk in browser or browser-like contexts.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1526",
                    "reference_id": "CVE-2014-1526",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1526"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-47",
                    "reference_id": "mfsa2014-47",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-47"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1146?format=api",
                    "purl": "pkg:mozilla/Firefox@29.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@29.0.0"
                }
            ],
            "aliases": [
                "CVE-2014-1526"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rcjg-u9ug-7kgs"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2744?format=api",
            "vulnerability_id": "VCID-vt96-dyex-ykef",
            "summary": "Security researcher Abhishek Arya (Inferno) of the Google\nChrome Security Team used the Address Sanitizer tool to discover a fixed offset\nout of bounds read issue while decoding specifically formatted JPG format\nimages. This causes a non-exploitable crash.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1523",
                    "reference_id": "CVE-2014-1523",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1523"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-37",
                    "reference_id": "mfsa2014-37",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "none",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-37"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1146?format=api",
                    "purl": "pkg:mozilla/Firefox@29.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@29.0.0"
                }
            ],
            "aliases": [
                "CVE-2014-1523"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vt96-dyex-ykef"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2752?format=api",
            "vulnerability_id": "VCID-yyb5-8udq-eudb",
            "summary": "Security researcher Jukka Jylänki reported a crash in\nthe Cairo graphics library. This happens when Cairo paints out-of-bounds to\nthe destination buffer in the compositing function when working with canvas in\ncertain circumstances. This issue allows malicious web content to cause a\npotentially exploitable crash.\nThis issue only affects Firefox 28 and Seamonkey 2.25 on\nWindows. Earlier versions of both products and installations on Linux and OS X\nwere unaffected.",
            "references": [
                {
                    "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1528",
                    "reference_id": "CVE-2014-1528",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1528"
                },
                {
                    "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-41",
                    "reference_id": "mfsa2014-41",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "high",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-41"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/1146?format=api",
                    "purl": "pkg:mozilla/Firefox@29.0.0",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@29.0.0"
                }
            ],
            "aliases": [
                "CVE-2014-1528"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yyb5-8udq-eudb"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@29.0.0"
}