{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2259?format=json","vulnerability_id":"VCID-n4a2-kntd-sug6","summary":"Mozilla security researcher moz_bug_r_a4 reported that frame\nscripts bypass XPConnect security checks when calling untrusted objects. This\nallows for cross-site scripting (XSS) attacks through web pages and Firefox\nextensions. The fix enables the Script Security Manager (SSM) to force security\nchecks on all frame scripts.\nFirefox 3.6 and Thunderbird 3.1 are not affected by this\nvulnerability.","aliases":[{"alias":"CVE-2012-0446"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1015?format=json","purl":"pkg:mozilla/Firefox@10.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@10.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1019?format=json","purl":"pkg:mozilla/SeaMonkey@2.7.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1017?format=json","purl":"pkg:mozilla/Thunderbird@10.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@10.0.0"}],"affected_packages":[],"references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0446","reference_id":"CVE-2012-0446","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0446"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-05","reference_id":"mfsa2012-05","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-05"}],"weaknesses":[],"exploits":[],"severity_range_score":"9.0 - 10.0","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n4a2-kntd-sug6"}