Vulnerability Instance
Look up vulnerabilities affecting packages.
GET /api/vulnerabilities/63616?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63616?format=api", "vulnerability_id": "VCID-5xuq-n3bu-1bbb", "summary": "Security researcher Kent Howard reported an Apple issue\npresent in OS X 10.10 (Yosemite) where log files are created by the\nCoreGraphics framework of OS X in the /tmp local\ndirectory. These log files contain a record of all inputs into Mozilla programs\nduring their operation. In OS X versions 10.6 through 10.9, the\nCoreGraphics framework had this logging ability but it was turned off by\ndefault. In OS X 10.10, this logging was turned on by default for some\napplications that use a custom memory allocator, such as jemalloc,\nbecause of an initialization bug in the framework. This issue has been addressed\nin Mozilla products by explicitly turning off the framework's logging of input\nevents. On vulnerable systems, this issue can result in private data such as\nusernames, passwords, and other inputted data being saved to a log file on the\nlocal system.\nThis issue does not affect OS X users prior to 10.10. 
Users on\nOS X 10.10 should go to their /tmp folder and delete any files with\nnames beginning with \"CGLog_\" followed by the name of a Mozilla product, such as\n\"CGLog_firefox\".", "aliases": [ { "alias": "CVE-2014-1595" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86737?format=api", "purl": "pkg:mozilla/Firefox@34.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@34.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/86738?format=api", "purl": "pkg:mozilla/Firefox%20ESR@31.3.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@31.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/86739?format=api", "purl": "pkg:mozilla/Thunderbird@31.3.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@31.3.0" } ], "affected_packages": [], "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-1595", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24578", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24729", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24654", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24634", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", 
"scoring_elements": "0.24807", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24845", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24617", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24687", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24734", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24747", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24706", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24648", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24661", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-1595" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1092855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1092855" }, { "reference_url": "http://support.apple.com/HT204244", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.apple.com/HT204244" }, { "reference_url": "http://www.mozilla.org/security/announce/2014/mfsa2014-90.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mozilla.org/security/announce/2014/mfsa2014-90.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "reference_url": 
"http://www.reddit.com/r/netsec/comments/2ocxac/apple_coregraphics_framework_on_os_x_1010_is/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.reddit.com/r/netsec/comments/2ocxac/apple_coregraphics_framework_on_os_x_1010_is/" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:31.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:31.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:31.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*", "reference_id": 
"cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1595", "reference_id": "CVE-2014-1595", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1595" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1595", "reference_id": "CVE-2014-1595", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1595" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-90", "reference_id": "mfsa2014-90", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-90" } ], "weaknesses": [ { "cwe_id": 199, "name": "Information Management Errors", "description": "Weaknesses in this category are related to improper 
handling of sensitive information." } ], "exploits": [], "severity_range_score": "2.1 - 8.9", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5xuq-n3bu-1bbb" }