{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2090?format=json","vulnerability_id":"VCID-8rsd-tr7r-1qcq","summary":"Firefox user Sijie Xia reported that if a user\nexplicitly removes the trust for extended validation (EV) capable root\ncertificates in the certificate manager, the change is not properly used when\nvalidating EV certificates, causing the setting to be ignored. This removes the\nability of users to explicitly untrust root certificates from specific\ncertificate authorities.\nThis flaw does not affect certificates that are not extended\nvalidation certificates. All other certificate validation checks do occur, the\nerror is the assumption that if Mozilla trusted the certificate, the user would\nalso.","aliases":[{"alias":"CVE-2013-6673"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/918?format=json","purl":"pkg:mozilla/Firefox@26.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@26.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/919?format=json","purl":"pkg:mozilla/Firefox%20ESR@24.2.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@24.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/921?format=json","purl":"pkg:mozilla/Seamonkey@2.23.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Seamonkey@2.23.0"},{"url":"http://public2.vulnerablecode.io/api/packages/920?format=json","purl":"pkg:mozilla/Thunderbird@24.2.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.2.0"}],"affected_packages":[],"references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6673","reference_id":"CVE-2013-6673","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6673"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-113","reference_id":"mfsa2013-113","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-113"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8rsd-tr7r-1qcq"}