{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2528?format=json","vulnerability_id":"VCID-rcu3-aqdr-x3ej","summary":"shutdown demonstrated how to use the window.controllers array\nto bypass same-origin protections, allowing a malicious site to\ninject script into content from another site. This could allow\nthe malicious page to steal information such as cookies or\npasswords from the other site, or perform transactions on the user's\nbehalf if the user were already logged in.Thunderbird shares the JavaScript engine with Firefox\nand could be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.","aliases":[{"alias":"CVE-2006-1732"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1102?format=json","purl":"pkg:mozilla/Firefox@1.0.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/1101?format=json","purl":"pkg:mozilla/Firefox@1.5.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1106?format=json","purl":"pkg:mozilla/Mozilla%20Suite@1.7.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Mozilla%2520Suite@1.7.13"},{"url":"http://public2.vulnerablecode.io/api/packages/1105?format=json","purl":"pkg:mozilla/SeaMonkey@1.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1104?format=json","purl":"pkg:mozilla/Thunderbird@1.0.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@1.0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/1103?format=json","purl":"pkg:mozilla/Thunderbird@1.5.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@1.5.0"}],"affected_packages":[],"references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1732","reference_id":"CVE-2006-1732","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1732"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2006-17","reference_id":"mfsa2006-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2006-17"}],"weaknesses":[],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rcu3-aqdr-x3ej"}