Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/2879?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2879?format=api", "vulnerability_id": "VCID-dmwt-m574-53ar", "summary": "Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative two instances of code which\nmodifies SVG element lists failed to account for changes made to the\nlist by user-supplied callbacks before accessing list elements. If a\nuser-supplied callback deleted such an object, the element-modifying\ncode could wind up accessing deleted memory and potentially executing\nattacker-controlled memory.regenrecht also reported via TippingPoint's Zero Day Initiative\nthat a XUL document could force the nsXULCommandDispatcher to remove\nall command updaters from the queue, including the one currently in\nuse. This could result in the execution of deleted memory which an\nattacker could use to run arbitrary code on a victim's computer.Firefox 4 and SeaMonkey 2.1 and newer were not affected by\nthese issues.", "aliases": [ { "alias": "CVE-2011-2363" } ], "fixed_packages": [], "affected_packages": [], "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2363", "reference_id": "CVE-2011-2363", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2363" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-23", "reference_id": "mfsa2011-23", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-23" } ], "weaknesses": [], "exploits": [], "severity_range_score": "9.0 - 10.0", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dmwt-m574-53ar" }