Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/2479?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2479?format=api", "vulnerability_id": "VCID-cpff-qnzg-wuhu", "summary": "Mozilla security researcher moz_bug_r_a4 reported\nthat the same-origin check in nsXMLDocument::OnChannelRedirect()\ncould be bypassed. This vulnerability could be used to execute JavaScript\nin the context of a different website.Firefox 3 is not affected by this issueThunderbird shares the browser engine with Firefox and\ncould be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.", "aliases": [ { "alias": "CVE-2008-3835" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1096?format=api", "purl": "pkg:mozilla/SeaMonkey@1.1.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.1.12" } ], "affected_packages": [], "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3835", "reference_id": "CVE-2008-3835", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3835" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-38", "reference_id": "mfsa2008-38", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2008-38" } ], "weaknesses": [], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cpff-qnzg-wuhu" }