Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/2503?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2503?format=api", "vulnerability_id": "VCID-s7pe-nyw7-dqa4", "summary": "shutdown discovered it was possible to use the Object.watch()\nmethod to access an internal function object (the \"clone parent\")\nwhich could then be used to run arbitrary JavaScript code with\nfull permission. This could be used to install malware such as\npassword sniffers or viruses.In pre-release versions of Firefox 1.5 the same technique could\nbe applied to the Array generic methods introduced in that release.Thunderbird shares the JavaScript engine with Firefox\nand could be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.", "aliases": [ { "alias": "CVE-2006-1734" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1102?format=api", "purl": "pkg:mozilla/Firefox@1.0.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1101?format=api", "purl": "pkg:mozilla/Firefox@1.5.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1106?format=api", "purl": "pkg:mozilla/Mozilla%20Suite@1.7.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Mozilla%2520Suite@1.7.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/1105?format=api", "purl": "pkg:mozilla/SeaMonkey@1.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1104?format=api", "purl": "pkg:mozilla/Thunderbird@1.0.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@1.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1103?format=api", "purl": "pkg:mozilla/Thunderbird@1.5.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@1.5.0" } ], "affected_packages": [], "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734", "reference_id": "CVE-2006-1734", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-15", "reference_id": "mfsa2006-15", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-15" } ], "weaknesses": [], "exploits": [], "severity_range_score": "9.0 - 10.0", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s7pe-nyw7-dqa4" }