{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1678?format=json","vulnerability_id":"VCID-2wxh-2zyh-1ke4","summary":"If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly applied to content.","aliases":[{"alias":"CVE-2019-11737"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2774?format=json","purl":"pkg:alpm/archlinux/firefox@69.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@69.0-1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2773?format=json","purl":"pkg:alpm/archlinux/firefox@68.0.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2wxh-2zyh-1ke4"},{"vulnerability":"VCID-7skz-3xdx-qfb2"},{"vulnerability":"VCID-a7f4-e11n-nudj"},{"vulnerability":"VCID-ahyy-dnwx-hkgq"},{"vulnerability":"VCID-bcec-844m-17er"},{"vulnerability":"VCID-c8zu-jpst-7yd4"},{"vulnerability":"VCID-gus7-632r-pbe8"},{"vulnerability":"VCID-hmhw-rwg5-nkaf"},{"vulnerability":"VCID-huuy-2tmx-5qfw"},{"vulnerability":"VCID-n2q8-gxpe-z7hs"},{"vulnerability":"VCID-pdnj-utqg-bbdy"},{"vulnerability":"VCID-q8zd-91dy-x7cx"},{"vulnerability":"VCID-rkqd-sddx-dqc6"},{"vulnerability":"VCID-w5m4-671n-qkfx"},{"vulnerability":"VCID-xn4h-9ze2-3yft"},{"vulnerability":"VCID-y916-adxe-hkab"},{"vulnerability":"VCID-yr2r-ca9n-w7bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@68.0.2-1"}],"references":[{"reference_url":"https://security.archlinux.org/ASA-201909-2","reference_id":"ASA-201909-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201909-2"},{"reference_url":"https://security.archlinux.org/AVG-1036","reference_id":"AVG-1036","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1036"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25","reference_id":"mfsa2019-25","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-25"}],"weaknesses":[],"exploits":[],"severity_range_score":"7.0 - 10.0","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2wxh-2zyh-1ke4"}