Look up vulnerabilities affecting packages.

GET /api/vulnerabilities/2466?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2466?format=api",
    "vulnerability_id": "VCID-zm4q-unv1-x3d6",
    "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat mozIJSSubScriptLoader.LoadScript() only applied XPCNativeWrappers to\nscripts loaded from standard chrome: URIs. Add-ons using\nthis feature to load scripts from other schemes such as file:\nor data: (typically dynamically generated scripts) and\nchrome: URIs using non-canonical package names (e.g. uppercase) did\nnot have the protective wrappers applied. If the scripts interact\nwith web content in any way that content could exploit the unwrapped\nscripts to run arbitrary code. Firefox itself does not use this feature in a vulnerable way and\nusers who have not installed any Add-ons are not at risk. We have,\nhowever, identified popular Add-ons using this feature whose\nusers are at risk and there are no doubt others. Thunderbird users are not at risk when JavaScript is\ndisabled in mail. This is the default setting and we strongly discourage\nusers from enabling JavaScript in mail.",
    "aliases": [
        {
            "alias": "CVE-2008-2803"
        }
    ],
    "fixed_packages": [
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1095?format=api",
            "purl": "pkg:mozilla/Firefox@3.0.0",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.0"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/packages/1094?format=api",
            "purl": "pkg:mozilla/SeaMonkey@1.1.10",
            "is_vulnerable": false,
            "affected_by_vulnerabilities": [],
            "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.1.10"
        }
    ],
    "affected_packages": [],
    "references": [
        {
            "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2803",
            "reference_id": "CVE-2008-2803",
            "reference_type": "",
            "scores": [],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2803"
        },
        {
            "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-25",
            "reference_id": "mfsa2008-25",
            "reference_type": "",
            "scores": [
                {
                    "value": "critical",
                    "scoring_system": "generic_textual",
                    "scoring_elements": ""
                }
            ],
            "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-25"
        }
    ],
    "weaknesses": [],
    "exploits": [],
    "severity_range_score": "9.0 - 10.0",
    "exploitability": null,
    "weighted_severity": null,
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zm4q-unv1-x3d6"
}