{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1919?format=json","vulnerability_id":"VCID-jtap-rfvp-57e1","summary":"Jason Pang of OneSignal reported that service workers\nintercept responses to plugin network requests made through the browser.\nPlugins which make security decisions based on the content of network requests\ncan have these decisions subverted if a service worker forges responses to those\nrequests. For example, a forged crossdomain.xml could allow a\nmalicious site to violate the same-origin policy using the Flash plugin.","aliases":[{"alias":"CVE-2016-1949"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/908?format=json","purl":"pkg:mozilla/Firefox@44.0.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@44.0.2"}],"affected_packages":[],"references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1949","reference_id":"CVE-2016-1949","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1949"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-13","reference_id":"mfsa2016-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-13"}],"weaknesses":[],"exploits":[],"severity_range_score":"9.0 - 10.0","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jtap-rfvp-57e1"}