{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2979?format=json","vulnerability_id":"VCID-m8xf-uesq-xfht","summary":"Security researcher Holger Fuhrmannek previously reported CVE-2015-0833, which was fixed in \nMFSA2015-12. That flaw allowed for the updater to load binary DLL format files from\nthe local working directory or from the Windows temporary directories.  During\nthe fixing of CVE-2015-0833, the need to ensure that updates use the updater.exe\nfrom the application directory was identified to mitigate the potential for\nfurther similar vulnerabilities. This change to updater.exe for Windows systems\nhas been made in this release.\nThis issue is specific to Windows and does not affect Linux or\nOS X systems.","aliases":[{"alias":"CVE-2015-0833"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1219?format=json","purl":"pkg:mozilla/Firefox@36.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@36.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1239?format=json","purl":"pkg:mozilla/Firefox@38.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@38.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1247?format=json","purl":"pkg:mozilla/Firefox%20ESR@31.5.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@31.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1220?format=json","purl":"pkg:mozilla/SeaMonkey@2.33.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.33.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1226?format=json","purl":"pkg:mozilla/SeaMonkey@2.35.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.35.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1248?format=json","purl":"pkg:mozilla/Thunderbird@31.5.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@31.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1241?format=json","purl":"pkg:mozilla/Thunderbird@38.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@38.0.1"}],"affected_packages":[],"references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0833","reference_id":"CVE-2015-0833","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0833"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-12","reference_id":"mfsa2015-12","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-58","reference_id":"mfsa2015-58","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-58"}],"weaknesses":[],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m8xf-uesq-xfht"}