GET

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/2489?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2489?format=api",
    "vulnerability_id": "VCID-a7t4-4g1x-guhw",
    "summary": "Mozilla developer Jesse Ruderman demonstrated that\nby tampering with the window.__proto__.__proto__ object,\none can cause the browser to place a lock on a non-native object,\nleading to a crash. Although we have not demonstrated such control, a\ndetermined attacker might be able to exploit this crash to run\narbitrary code on a victim's computer.Thunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is\nnot the default setting and we strongly discourage users from running\nJavaScript in mail.",
    "aliases": [
        {
            "alias": "CVE-2008-5014"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1097?format=api",
            "purl": "pkg:mozilla/Firefox@3.0.2",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1089?format=api",
            "purl": "pkg:mozilla/SeaMonkey@1.1.13",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.1.13"
        }
    ],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5014",
            "reference_id": "CVE-2008-5014",
            "reference_type": "",
            "scores": [],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5014"
        },
        {
            "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-50",
            "reference_id": "mfsa2008-50",
            "reference_type": "",
            "scores": [
                {
                    "value": "critical",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-50"
        }
    ],
    "weaknesses": [],
    "exploits": [],
    "severity_range_score": "9.0 - 10.0",
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a7t4-4g1x-guhw"
}