GET

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

GET /api/vulnerabilities/2638?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2638?format=api",
    "vulnerability_id": "VCID-s9ey-mtj5-vbey",
    "summary": "Security researcher David James reported that a\ncontent window which is opened by a chrome window retains a reference\nto the chrome window via the window.opener property.  Using\nthis reference, content in the new window can access functions \ninside the chrome window, such as eval, and use these\nfunctions to run arbitrary JavaScript code with chrome privileges. In\na stock Mozilla browser a remote attacker can not cause these application\ndialogs to appear nor to automatically load the attack code that takes advantage\nof this flaw in window.opener. There may be add-ons which open\npotentially hostile web-content in this way, and combined with such an add-on the\nseverity of this flaw could be upgraded to Critical.",
    "aliases": [
        {
            "alias": "CVE-2009-3986"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1128?format=api",
            "purl": "pkg:mozilla/Firefox@3.0.16",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.16"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1127?format=api",
            "purl": "pkg:mozilla/Firefox@3.5.6",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.6"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1129?format=api",
            "purl": "pkg:mozilla/SeaMonkey@2.0.1",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.1"
        }
    ],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3986",
            "reference_id": "CVE-2009-3986",
            "reference_type": "",
            "scores": [],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3986"
        },
        {
            "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-70",
            "reference_id": "mfsa2009-70",
            "reference_type": "",
            "scores": [
                {
                    "value": "none",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2009-70"
        }
    ],
    "weaknesses": [],
    "exploits": [],
    "severity_range_score": null,
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s9ey-mtj5-vbey"
}