Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/2035?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2035?format=api", "vulnerability_id": "VCID-mhk9-euwa-pbfk", "summary": "Security researcher Frédéric Hoguin discovered\nthat the Mozilla Maintenance Service on Windows was vulnerable to a buffer\noverflow. This system is used to update software without invoking the User\nAccount Control (UAC) prompt. The Mozilla Maintenance Service is configured to\nallow unprivileged users to start it with arbitrary arguments. By manipulating\nthe data passed in these arguments, an attacker can execute arbitrary code with\nthe system privileges used by the service. This issue requires local file system\naccess to be exploitable.", "aliases": [ { "alias": "CVE-2013-0799" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/940?format=api", "purl": "pkg:mozilla/Firefox@20.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@20.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/941?format=api", "purl": "pkg:mozilla/Firefox%20ESR@17.0.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/942?format=api", "purl": "pkg:mozilla/Thunderbird@17.0.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@17.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/943?format=api", "purl": "pkg:mozilla/Thunderbird%20ESR@17.0.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird%2520ESR@17.0.5" } ], "affected_packages": [], "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0799", "reference_id": "CVE-2013-0799", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0799" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-32", "reference_id": "mfsa2013-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-32" } ], "weaknesses": [], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mhk9-euwa-pbfk" }