Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/63743?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63743?format=api", "vulnerability_id": "VCID-ecr4-p51g-bygd", "summary": "Security researcher Holger Fuhrmannek reported that when the\nMozilla updater is run, the updater can be manipulated to load the updated files from a\nworking directory under user control in concert with junctions. When the updates are run\nby the Mozilla Maintenance Service on Windows, these malicious files can be run with\nelevated privileges and be used to replace arbitrary files on the system. This could allow\nfor arbitrary code execution by a malicious user with local system access but does not\nallow for exploitation by web content.\nThis issue is specific to Windows and does not affect Linux or OS X\nsystems.", "aliases": [ { "alias": "CVE-2015-4505" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86814?format=api", "purl": "pkg:mozilla/Firefox@41.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@41.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/86815?format=api", "purl": "pkg:mozilla/Firefox%20ESR@38.3.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@38.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/86816?format=api", "purl": "pkg:mozilla/Thunderbird@38.3.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.3.0" } ], "affected_packages": [], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4505.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4505.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4505", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28406", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28621", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28704", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28752", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28559", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28624", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28664", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28665", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28573", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28593", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28568", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28521", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4505" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1265610", "reference_id": "1265610", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1265610" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4505", "reference_id": "CVE-2015-4505", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4505" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-100", "reference_id": "mfsa2015-100", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-100" } ], "weaknesses": [ { "cwe_id": 20, "name": "Improper Input Validation", "description": "The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly." } ], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ecr4-p51g-bygd" }