Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/2134?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2134?format=api", "vulnerability_id": "VCID-54xd-e1tz-myck", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat when content script which is running in a chrome context accesses\na content object via SJOW, the content code can gain access to an\nobject from the chrome scope and use that object to run arbitrary\nJavaScript with chrome privileges.Firefox 3.5 and other Mozilla products built from\nGecko 1.9.1 were not affected by this issue.", "aliases": [ { "alias": "CVE-2010-1215" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/972?format=api", "purl": "pkg:mozilla/Firefox@3.6.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/980?format=api", "purl": "pkg:mozilla/Thunderbird@3.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@3.1.1" } ], "affected_packages": [], "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1215", "reference_id": "CVE-2010-1215", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1215" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-38", "reference_id": "mfsa2010-38", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-38" } ], "weaknesses": [], "exploits": [], "severity_range_score": "9.0 - 10.0", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-54xd-e1tz-myck" }