Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/2154?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2154?format=api", "vulnerability_id": "VCID-w2pm-349a-ayc4", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat the XMLHttpRequestSpy module in the Firebug add-on was exposing\nan underlying chrome privilege escalation vulnerability. When the\nXMLHttpRequestSpy object was created, it would attach various\nproperties of itself to objects defined in web content, which were not\nbeing properly wrapped to prevent their exposure to chrome privileged\nobjects. This could result in an attacker running arbitrary\nJavaScript on a victim's machine, though it required the victim to\nhave Firebug installed, so the overall severity of the issue was\ndetermined to be High.This vulnerability does not affect Firefox 3.6", "aliases": [ { "alias": "CVE-2010-0179" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/977?format=api", "purl": "pkg:mozilla/Firefox@3.0.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/989?format=api", "purl": "pkg:mozilla/Firefox@3.5.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/994?format=api", "purl": "pkg:mozilla/Firefox@3.5.16", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/993?format=api", "purl": "pkg:mozilla/Firefox@3.6.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/992?format=api", "purl": "pkg:mozilla/SeaMonkey@2.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/995?format=api", "purl": "pkg:mozilla/SeaMonkey@2.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.11" } ], "affected_packages": [], "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0179", "reference_id": "CVE-2010-0179", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0179" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-21", "reference_id": "mfsa2010-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-21" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-82", "reference_id": "mfsa2010-82", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-82" } ], "weaknesses": [], "exploits": [], "severity_range_score": "7.0 - 10.0", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w2pm-349a-ayc4" }