{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2550?format=json","vulnerability_id":"VCID-g3d9-vf5u-dqbk","summary":"Using the eval associated with methods of an XBL binding it was possible\nto create JavaScript functions that would get compiled with the wrong\nprivileges, allowing the attacker to run code of their choice with the\nfull permission of the user running the browser. This\ncould be used to install spyware or viruses.Thunderbird shares the JavaScript engine with Firefox\nand could be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.","aliases":[{"alias":"CVE-2006-1735"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1102?format=json","purl":"pkg:mozilla/Firefox@1.0.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/1101?format=json","purl":"pkg:mozilla/Firefox@1.5.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1106?format=json","purl":"pkg:mozilla/Mozilla%20Suite@1.7.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Mozilla%2520Suite@1.7.13"},{"url":"http://public2.vulnerablecode.io/api/packages/1105?format=json","purl":"pkg:mozilla/SeaMonkey@1.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1104?format=json","purl":"pkg:mozilla/Thunderbird@1.0.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@1.0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/1103?format=json","purl":"pkg:mozilla/Thunderbird@1.5.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@1.5.0"}],"affected_packages":[],"references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735","reference_id":"CVE-2006-1735","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2006-14","reference_id":"mfsa2006-14","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2006-14"}],"weaknesses":[],"exploits":[],"severity_range_score":"9.0 - 10.0","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g3d9-vf5u-dqbk"}