{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2612?format=json","vulnerability_id":"VCID-by67-ztwk-8kh3","summary":"Mozilla security researcher moz_bug_r_a4 reported that\na form input control's type could be changed during the restoration of a\nclosed tab. An attacker could set an input control's text value to the\npath of a local file whose location was known to the attacker. If the tab\nwas then closed and the victim persuaded to re-open it, upon restoring the\ntab the attacker could use this vulnerability to change the input type to\nfile. Scripts in the page could then automatically submit\nthe form and steal the contents of the user's local file.","aliases":[{"alias":"CVE-2009-0355"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1118?format=json","purl":"pkg:mozilla/Firefox@3.0.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.6"}],"affected_packages":[],"references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0355","reference_id":"CVE-2009-0355","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0355"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-03","reference_id":"mfsa2009-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-03"}],"weaknesses":[],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-by67-ztwk-8kh3"}