Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/2363?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2363?format=api", "vulnerability_id": "VCID-ranf-y25x-ffh4", "summary": "Mozilla developer Matt Brubeck reported that\nwindow.fullScreen is writeable by untrusted content now that the DOM fullscreen\nAPI is enabled. Because window.fullScreen does not include\nmozRequestFullscreen's security protections, it could be used for UI spoofing.\nThis code change makes window.fullScreen read only by untrusted content, forcing\nthe use of the DOM fullscreen API in normal usage.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.", "aliases": [ { "alias": "CVE-2012-0460" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1030?format=api", "purl": "pkg:mozilla/Firefox@11.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@11.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1031?format=api", "purl": "pkg:mozilla/Firefox%20ESR@10.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@10.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036?format=api", "purl": "pkg:mozilla/SeaMonkey@2.8.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1033?format=api", "purl": "pkg:mozilla/Thunderbird@11.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@11.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1034?format=api", "purl": "pkg:mozilla/Thunderbird%20ESR@10.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird%2520ESR@10.0.3" } ], "affected_packages": [], "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0460", "reference_id": "CVE-2012-0460", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0460" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-18", "reference_id": "mfsa2012-18", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-18" } ], "weaknesses": [], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ranf-y25x-ffh4" }