Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/248?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/248?format=api", "vulnerability_id": "VCID-fd7y-6r4r-87dz", "summary": "Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. *Note: This issue only affects Firefox 49 and 50.*", "aliases": [ { "alias": "CVE-2016-9078" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1921?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0.2-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gqm-2jym-m3g7" }, { "vulnerability": "VCID-28u2-f3bg-jufy" }, { "vulnerability": "VCID-2dx6-ehwy-xubu" }, { "vulnerability": "VCID-4cyw-yxhd-77af" }, { "vulnerability": "VCID-4eg8-dc82-fqd6" }, { "vulnerability": "VCID-9kvv-4mne-37dt" }, { "vulnerability": "VCID-bbze-6awa-ryeq" }, { "vulnerability": "VCID-m1ve-ttqh-3ucn" }, { "vulnerability": "VCID-t15g-6442-cufj" }, { "vulnerability": "VCID-uh2v-m8c2-6fd6" }, { "vulnerability": "VCID-vdup-4rw5-bke7" }, { "vulnerability": "VCID-wbtg-ecpe-8bcy" }, { "vulnerability": "VCID-zbxg-zh9z-n7gg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0.2-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372?format=api", "purl": "pkg:mozilla/Firefox@50.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@50.0.1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1928?format=api", "purl": "pkg:alpm/archlinux/firefox@50.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fd7y-6r4r-87dz" }, { "vulnerability": "VCID-k1rz-f92p-ducs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@50.0-1" } ], "references": [ { "reference_url": "https://security.archlinux.org/ASA-201612-1", "reference_id": "ASA-201612-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201612-1" }, { "reference_url": "https://security.archlinux.org/AVG-90", "reference_id": "AVG-90", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-90" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-91", "reference_id": "mfsa2016-91", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-91" } ], "weaknesses": [], "exploits": [], "severity_range_score": "9.0 - 10.0", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fd7y-6r4r-87dz" }