{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2641?format=json","vulnerability_id":"VCID-42et-b37x-v7dy","summary":"Mozilla developer Blake Kaplan reported\nthat setTimeout, when called with certain object\nparameters which should be protected with\na XPCNativeWrapper, will fail to keep the object wrapped\nwhen compiling the new function to be executed.  If chrome privileged\ncode were to call setTimeout using this as\nan argument, the this object will lose its wrapper and\ncould be unsafely accessed by chrome code.  An attacker could use such\nvulnerable code to run arbitrary JavaScript with chrome\nprivileges.","aliases":[{"alias":"CVE-2009-2471"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1112?format=json","purl":"pkg:mozilla/Firefox@3.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/1111?format=json","purl":"pkg:mozilla/Firefox@3.5.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.0"}],"affected_packages":[],"references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2471","reference_id":"CVE-2009-2471","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2471"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-39","reference_id":"mfsa2009-39","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-39"}],"weaknesses":[],"exploits":[],"severity_range_score":"9.0 - 10.0","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-42et-b37x-v7dy"}