{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/630?format=json","vulnerability_id":"VCID-vyzx-e65q-wqcp","summary":"Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin.","aliases":[{"alias":"CVE-2017-7797"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1852?format=json","purl":"pkg:alpm/archlinux/firefox@55.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@55.0-1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1851?format=json","purl":"pkg:alpm/archlinux/firefox@54.0.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21fd-3bm8-nuhg"},{"vulnerability":"VCID-3qw2-tzj7-u3fa"},{"vulnerability":"VCID-5a6g-h3b1-vqfy"},{"vulnerability":"VCID-5muy-mca9-rqet"},{"vulnerability":"VCID-74ur-xkr1-a7er"},{"vulnerability":"VCID-7sk9-2y8h-ekdq"},{"vulnerability":"VCID-883g-dbap-u7aw"},{"vulnerability":"VCID-a6nu-n226-6fgh"},{"vulnerability":"VCID-auz2-mkb7-3uhh"},{"vulnerability":"VCID-azwt-6846-1kgm"},{"vulnerability":"VCID-cqty-a2zv-bff1"},{"vulnerability":"VCID-f9cy-h7kt-zudr"},{"vulnerability":"VCID-fznu-jdyc-47hv"},{"vulnerability":"VCID-gcyv-192g-3ygq"},{"vulnerability":"VCID-k458-ek4h-4kht"},{"vulnerability":"VCID-md7v-but8-7qdz"},{"vulnerability":"VCID-p1ry-j666-3qhy"},{"vulnerability":"VCID-pfmg-gnh7-p3g6"},{"vulnerability":"VCID-rugx-ug7m-qygh"},{"vulnerability":"VCID-uww5-29jb-n3gc"},{"vulnerability":"VCID-vyzx-e65q-wqcp"},{"vulnerability":"VCID-wp9t-e5k9-uybw"},{"vulnerability":"VCID-x2hg-g7n3-8qbw"},{"vulnerability":"VCID-xgvy-fw6z-9bfg"},{"vulnerability":"VCID-yuw9-jt66-2qd6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@54.0.1-1"}],"references":[{"reference_url":"https://security.archlinux.org/ASA-201708-3","reference_id":"ASA-201708-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-3"},{"reference_url":"https://security.archlinux.org/AVG-375","reference_id":"AVG-375","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-375"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18","reference_id":"mfsa2017-18","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-18"}],"weaknesses":[],"exploits":[],"severity_range_score":"9.0 - 10.0","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vyzx-e65q-wqcp"}