Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/63603?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63603?format=api", "vulnerability_id": "VCID-z23q-ts2f-17a3", "summary": "Normally Mozilla-based clients prevent web content from linking to local files\nbut Eric Foley reports a partial bypass of this restriction by using Windows\nfilename syntax (on a Windows computer) rather than a file:/// URL as the\nSRC= attribute. The image will not be loaded on the web page--it will appear as\na broken image--but if a user can be convinced to right-click and select\n\"View Image\" then the content will be loaded. Since the image will replace\nthe current document attacker script cannot be run on it. Loading a local\nfile at a known location is about the extent of this attack.\n\nIf the local file is a media file an external helper program may be launched\nto play the media depending on your settings. The action will be the same\nas if you had clicked on a remote link of the same media type and does not\npresent any additional risk. Local files identified as executable will\nnever be opened in this way, with \"executable\" broadly\ndefined on Windows to include many scriptable document formats with a history\nof being abused.\n\nBy referencing a local device rather than a file this could be used\nas a limited denial-of-service attack to hang the browser.", "aliases": [ { "alias": "CVE-2006-1942" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582402?format=api", "purl": "pkg:deb/debian/firefox@1.5.dfsg%2B1.5.0.4-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@1.5.dfsg%252B1.5.0.4-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/582059?format=api", "purl": "pkg:deb/debian/firefox@149.0-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059611?format=api", "purl": "pkg:deb/debian/firefox@149.0.2-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/940805?format=api", "purl": "pkg:deb/debian/thunderbird@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940802?format=api", "purl": "pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940800?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.6.0esr-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940804?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.8.0esr-1~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/940803?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.0esr-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dw5-vpt8-zqbz" }, { "vulnerability": "VCID-9ag7-z86d-nba9" }, { 
"vulnerability": "VCID-qbzp-euvv-q7c7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.0esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067638?format=api", "purl": "pkg:deb/debian/thunderbird@1:140.9.1esr-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.9.1esr-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/86681?format=api", "purl": "pkg:mozilla/SeaMonkey@1.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.2" } ], "affected_packages": [], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-1942", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0294", "scoring_system": "epss", "scoring_elements": "0.86457", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0294", "scoring_system": "epss", "scoring_elements": "0.86371", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0294", "scoring_system": "epss", "scoring_elements": "0.86381", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0294", "scoring_system": "epss", "scoring_elements": "0.86398", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0294", "scoring_system": "epss", "scoring_elements": "0.864", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0294", "scoring_system": "epss", "scoring_elements": "0.86419", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0294", "scoring_system": "epss", "scoring_elements": "0.86429", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0294", "scoring_system": "epss", "scoring_elements": "0.86443", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0294", "scoring_system": "epss", "scoring_elements": "0.86442", "published_at": "2026-04-12T12:55:00Z" 
}, { "value": "0.0294", "scoring_system": "epss", "scoring_elements": "0.86436", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0294", "scoring_system": "epss", "scoring_elements": "0.86453", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-1942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1942", "reference_id": "CVE-2006-1942", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1942" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-39", "reference_id": "mfsa2006-39", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2006-39" } ], "weaknesses": [], "exploits": [], "severity_range_score": "0.1 - 3", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z23q-ts2f-17a3" }