Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/2566?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2566?format=api", "vulnerability_id": "VCID-tccv-gwuq-ske2", "summary": "In certain circumstances persisted XUL attributes are associated with the\nwrong URL. If an attacker can get a persisted string associated with an\nURL that will later eval or execute that attribute in a privileged\ncontext then the attacker's code will run with the full permissions\nof the browser.Thunderbird shares the browser engine with Firefox\nand could be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.", "aliases": [ { "alias": "CVE-2006-2775" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1100?format=api", "purl": "pkg:mozilla/SeaMonkey@1.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.2" } ], "affected_packages": [], "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2775", "reference_id": "CVE-2006-2775", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2775" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-35", "reference_id": "mfsa2006-35", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-35" } ], "weaknesses": [], "exploits": [], "severity_range_score": "9.0 - 10.0", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tccv-gwuq-ske2" }