Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/2213?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2213?format=api", "vulnerability_id": "VCID-cbf6-phh6-3kd3", "summary": "Mozilla security researcher moz_bug_r_a4 reports that\nby using an appropriately wrapped object it was possible to bypass the fix\nfor \nMFSA 2007-19. Prior to Firefox 3.6 this gives an attacker the ability\nto perform cross-site scripting attacks against arbitrary sites as in the\noriginal MFSA 2007-19 attack. Due to unrelated changes in the browser engine\nused by Firefox 3.6, attacks in that version are limited to capturing keystroke\nevents from a cross-origin frame or window rather than full DOM access.\nThose events might be sufficient to illicitly obtain passwords\nor other sensitive information entered into web forms.\nThunderbird does not allow JavaScript to run in mail\nmessages, but users who open web content (such as RSS feeds, or other\ncontent through add-ons) could be at risk.", "aliases": [ { "alias": "CVE-2010-0171" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/990?format=api", "purl": "pkg:mozilla/Firefox@3.0.18", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.18" }, { "url": "http://public2.vulnerablecode.io/api/packages/989?format=api", "purl": "pkg:mozilla/Firefox@3.5.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/975?format=api", "purl": "pkg:mozilla/Firefox@3.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/992?format=api", "purl": "pkg:mozilla/SeaMonkey@2.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/991?format=api", "purl": "pkg:mozilla/Thunderbird@3.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@3.0.2" } ], "affected_packages": [], "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0171", "reference_id": "CVE-2010-0171", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0171" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-12", "reference_id": "mfsa2010-12", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-12" } ], "weaknesses": [], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cbf6-phh6-3kd3" }