Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/2083?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2083?format=api", "vulnerability_id": "VCID-q65f-ghsg-kfca", "summary": "Security researcher Seb Patane reported that the Mozilla\nUpdater does not write-lock the MAR update file when it is in use by the\nUpdater. This leaves open the possibility of altering the contents of the MAR\nfile after the signature on the file has been verified as valid but before it\nhas been used. This could allow an attacker with access to the local system to\nsilently replace the contents of the update MAR file and either replace the\ninstalled software with their own or extract and run executables files with the\nsame privileges as that of the Mozilla Updater.", "aliases": [ { "alias": "CVE-2013-1726" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/945?format=api", "purl": "pkg:mozilla/Firefox@24.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@24.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/956?format=api", "purl": "pkg:mozilla/Firefox%20ESR@17.0.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/959?format=api", "purl": "pkg:mozilla/Seamonkey@2.21.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Seamonkey@2.21.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/957?format=api", "purl": "pkg:mozilla/Thunderbird@24.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/958?format=api", "purl": "pkg:mozilla/Thunderbird%20ESR@17.0.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird%2520ESR@17.0.9" } ], "affected_packages": [], "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1726", "reference_id": "CVE-2013-1726", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1726" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-83", "reference_id": "mfsa2013-83", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-83" } ], "weaknesses": [], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q65f-ghsg-kfca" }