{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2721?format=json","vulnerability_id":"VCID-5c7k-2w7y-53a4","summary":"Security researcher Ash reported an issue where the\nextracted files for updates to existing files are not read only during the\nupdate process. This allows for the potential replacement or modification of\nthese files during the update process if a malicious application is present on\nthe local system.","aliases":[{"alias":"CVE-2014-1496"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1154?format=json","purl":"pkg:mozilla/Firefox@28.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@28.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1163?format=json","purl":"pkg:mozilla/Firefox%20ESR@24.4.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@24.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1155?format=json","purl":"pkg:mozilla/Seamonkey@2.25.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Seamonkey@2.25.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1170?format=json","purl":"pkg:mozilla/Thunderbird@24.4.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.4.0"}],"affected_packages":[],"references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1496","reference_id":"CVE-2014-1496","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1496"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-16","reference_id":"mfsa2014-16","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-16"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5c7k-2w7y-53a4"}