{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2680?format=json","vulnerability_id":"VCID-yuz9-ee71-u7fa","summary":"Security researcher Gregory Fleischer reported\nthat local resources loaded via the file: protocol can\naccess any domain's cookies which have been saved on a user's machine.\nFleischer demonstrated that a local document's domain was being\ncalculated incorrectly from its URL.  If a victim could be persuaded\nto download a malicious file and then open that file in their browser,\nthe malicious file could then steal arbitrary cookies from the\nvictim's computer.  Due to the interaction required for this attack,\nthe severity of the issue was determined to be moderate.","aliases":[{"alias":"CVE-2009-1835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1122?format=json","purl":"pkg:mozilla/Firefox@3.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/1123?format=json","purl":"pkg:mozilla/SeaMonkey@1.1.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.1.17"}],"affected_packages":[],"references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1835","reference_id":"CVE-2009-1835","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1835"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-26","reference_id":"mfsa2009-26","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-26"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yuz9-ee71-u7fa"}