Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/2561?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2561?format=api", "vulnerability_id": "VCID-49rf-24dt-vydg", "summary": "moz_bug_r_a4 discovered that .valueOf.call() and .valueOf.apply()\nwhen called with no arguments were returning the Object class\nprototype rather than the caller's global window object. When\ncalled on a reachable property of another window this provides\na hook to get around the same-origin protection, allowing an\nattacker to inject script into another window.\nCross-site script injection can be used to steal confidential\ndata such as cookies or passwords, or perform actions on\nthe user's behalf. It can also be used to alter the content\nof the other window which could be used to fool a user\ninto trusting bogus information or downloaded content.\nThunderbird shares the JavaScript engine with Firefox\nand could be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.", "aliases": [ { "alias": "CVE-2006-1731" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1102?format=api", "purl": "pkg:mozilla/Firefox@1.0.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1101?format=api", "purl": "pkg:mozilla/Firefox@1.5.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1106?format=api", "purl": "pkg:mozilla/Mozilla%20Suite@1.7.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Mozilla%2520Suite@1.7.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/1105?format=api", "purl": "pkg:mozilla/SeaMonkey@1.0.0",
"is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1104?format=api", "purl": "pkg:mozilla/Thunderbird@1.0.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@1.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1103?format=api", "purl": "pkg:mozilla/Thunderbird@1.5.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@1.5.0" } ], "affected_packages": [], "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1731", "reference_id": "CVE-2006-1731", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1731" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-19", "reference_id": "mfsa2006-19", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-19" } ], "weaknesses": [], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-49rf-24dt-vydg" }