{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2602?format=json","vulnerability_id":"VCID-366w-42za-1qb1","summary":"Security researcher Juan Pablo Lopez Yacubian\nreported that an attacker could call window.open() on an\ninvalid URL which looks similar to a legitimate URL and then\nuse document.write() to place content within the new\ndocument, appearing to have come from the spoofed location.\nAdditionally, if the spoofed document was created by a document with a\nvalid SSL certificate, the SSL indicators would be carried over into\nthe spoofed document.  An attacker could use these issues to display\nmisleading location and SSL information for a malicious web page.","aliases":[{"alias":"CVE-2009-2654"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1121?format=json","purl":"pkg:mozilla/Firefox@3.0.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.13"},{"url":"http://public2.vulnerablecode.io/api/packages/1120?format=json","purl":"pkg:mozilla/Firefox@3.5.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.2"}],"affected_packages":[],"references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2654","reference_id":"CVE-2009-2654","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2654"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-44","reference_id":"mfsa2009-44","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-44"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-366w-42za-1qb1"}