Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/2538?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2538?format=api", "vulnerability_id": "VCID-vn98-s2xg-37ap", "summary": "Igor Bukanov has audited the JavaScript engine for routines that use\ntemporary variables not protected against garbage-collection.\nIf malicious content could cause garbage-collection to run during the\nlifetime of these temporaries then the original routine would end up\noperating on freed memory.The risk appears remote, but this type of memory corruption could\npotentially be used by an attacker to run arbitrary code including\nthe installation of malware.Thunderbird shares the JavaScript engine with Firefox\nand could be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.Update (29 July 2006)\nAdded reference to bug 313500 which was part of this audit.", "aliases": [ { "alias": "CVE-2006-1742" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1102?format=api", "purl": "pkg:mozilla/Firefox@1.0.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1101?format=api", "purl": "pkg:mozilla/Firefox@1.5.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1106?format=api", "purl": "pkg:mozilla/Mozilla%20Suite@1.7.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Mozilla%2520Suite@1.7.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/1105?format=api", "purl": "pkg:mozilla/SeaMonkey@1.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1104?format=api", "purl": "pkg:mozilla/Thunderbird@1.0.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@1.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1103?format=api", "purl": "pkg:mozilla/Thunderbird@1.5.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@1.5.0" } ], "affected_packages": [], "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1742", "reference_id": "CVE-2006-1742", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1742" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-10", "reference_id": "mfsa2006-10", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-10" } ], "weaknesses": [], "exploits": [], "severity_range_score": "9.0 - 10.0", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vn98-s2xg-37ap" }