Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/63501?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63501?format=api", "vulnerability_id": "VCID-pden-es6n-nfey", "summary": "Security researcher 3ric Johanson reported in discussions\nwith Richard Newman and Holt Sorenson that\nVerisign's prevention measures for homograph attacks using Internationalized\nDomain Names (IDN) were insufficiently rigorous, and this led to a limited\npossibility for domain spoofing in Firefox.IDN allows non-English speakers to use domains in their local language. Many\nsupported characters are similar or identical to others in English, allowing for\nthe potential spoofing of domain names and for phishing attacks when not\nblocked. In consultation with Verisign, Mozilla had added .com, .net, and .name\ntop-level domains to its IDN whitelist, allowing for IDN use in those top-level\ndomains without restrictions. However, it became clear that a number of\nhistorical dangerous registrations continued to be valid.This issue has been fixed by removing the .com, .net, and .name top-level\ndomains from the IDN whitelist, and supplementing the whitelist implementation\nwith technical restrictions against script-mixing in domain labels. These\nrestrictions apply to all non-whitelisted top-level domains. More information on\nthe exact algorithm used can be found here.", "aliases": [ { "alias": "CVE-2013-1699" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86507?format=api", "purl": "pkg:mozilla/Firefox@22.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@22.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/86508?format=api", "purl": "pkg:mozilla/SeaMonkey@2.19.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.19.0" } ], "affected_packages": [], "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1699.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1699.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1699", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58706", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58565", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58693", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58673", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58649", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58669", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58636", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58688", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58694", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58711", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1699" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=840882", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=840882" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17296" }, { "reference_url": "http://www.mozilla.org/security/announce/2013/mfsa2013-61.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-61.html" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1890-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-1890-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=977621", "reference_id": "977621", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=977621" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:19.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:19.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:20.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:20.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:20.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:20.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1699", "reference_id": "CVE-2013-1699", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1699" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1699", "reference_id": "CVE-2013-1699", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1699" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-61", "reference_id": "mfsa2013-61", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2013-61" }, { "reference_url": "https://usn.ubuntu.com/1890-1/", "reference_id": "USN-1890-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1890-1/" } ], "weaknesses": [ { "cwe_id": 310, "name": "Cryptographic Issues", "description": "Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed." } ], "exploits": [], "severity_range_score": "5.0 - 5.0", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pden-es6n-nfey" }