Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/2347?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2347?format=api", "vulnerability_id": "VCID-j92j-m4ya-qqh9", "summary": "Security researcher Warren He reported that when a page is\ntransitioned into Reader Mode in Firefox for Android, the resulting page has\nchrome privileges and its content is not thoroughly sanitized. A successful\nattack requires user enabling of reader mode for a malicious page, which could\nthen perform an attack similar to cross-site scripting (XSS) to gain the\nprivileges allowed to Firefox on an Android device. This has been fixed by\nchanging the Reader Mode page into an unprivileged page.\nThis vulnerability only affects Firefox for Android.", "aliases": [ { "alias": "CVE-2012-3987" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1054?format=api", "purl": "pkg:mozilla/Firefox@16.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@16.0.0" } ], "affected_packages": [], "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3987", "reference_id": "CVE-2012-3987", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3987" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-78", "reference_id": "mfsa2012-78", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-78" } ], "weaknesses": [], "exploits": [], "severity_range_score": "9.0 - 10.0", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j92j-m4ya-qqh9" }