{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2103?format=json","vulnerability_id":"VCID-hawk-pzyk-ybgv","summary":"Security researcher Jordi Chancel discovered a method to put\narbitrary HTML content within <select> elements and place it in arbitrary\nlocations. This can be used to spoof the displayed addressbar, leading to\nclickjacking and other spoofing attacks.\nIn general this flaw cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but is\npotentially a risk in browser or browser-like contexts.","aliases":[{"alias":"CVE-2013-5593"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/934?format=json","purl":"pkg:mozilla/Firefox@25.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@25.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/935?format=json","purl":"pkg:mozilla/Firefox%20ESR@24.1.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@24.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/939?format=json","purl":"pkg:mozilla/Seamonkey@2.22.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Seamonkey@2.22.0"},{"url":"http://public2.vulnerablecode.io/api/packages/937?format=json","purl":"pkg:mozilla/Thunderbird@24.1.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.1.0"}],"affected_packages":[],"references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5593","reference_id":"CVE-2013-5593","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5593"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-94","reference_id":"mfsa2013-94","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-94"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hawk-pzyk-ybgv"}