Vulnerability Instance
Look up vulnerabilities affecting packages.
GET /api/vulnerabilities/63689?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63689?format=api", "vulnerability_id": "VCID-kezq-ad8j-eycq", "summary": "Two crashes that could potentially be exploited to run malicious\ncode were found in the WebGL feature and fixed in Firefox 4.0.1.\nIn addition the WebGLES libraries could potentially be used to bypass\na security feature of recent Windows versions. The WebGL feature was\nintroduced in Firefox 4; older versions are not affected by these issues. Nils reported that the WebGLES libraries in the Windows\nversion of Firefox were compiled without ASLR protection. An attacker who\nfound an exploitable memory corruption flaw could then use these libraries\nto bypass ASLR on Windows Vista and Windows 7, making the flaw as exploitable\non those platforms as it would be on Windows XP or other platforms.", "aliases": [ { "alias": "CVE-2011-1302" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86772?format=api", "purl": "pkg:mozilla/Firefox@4.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@4.0.1" } ], "affected_packages": [], "references": [ { "reference_url": "http://code.google.com/p/chromium/issues/detail?id=78524", "reference_id": "", "reference_type": "", "scores": [], "url": "http://code.google.com/p/chromium/issues/detail?id=78524" }, { "reference_url": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1302", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04725", "scoring_system": "epss", "scoring_elements": "0.89469", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.04725", "scoring_system": "epss", "scoring_elements": "0.89349", "published_at": 
"2026-04-01T12:55:00Z" }, { "value": "0.04725", "scoring_system": "epss", "scoring_elements": "0.89437", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.04725", "scoring_system": "epss", "scoring_elements": "0.89455", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.04725", "scoring_system": "epss", "scoring_elements": "0.89354", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04725", "scoring_system": "epss", "scoring_elements": "0.89366", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04725", "scoring_system": "epss", "scoring_elements": "0.89368", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04725", "scoring_system": "epss", "scoring_elements": "0.89385", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04725", "scoring_system": "epss", "scoring_elements": "0.89389", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04725", "scoring_system": "epss", "scoring_elements": "0.89397", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04725", "scoring_system": "epss", "scoring_elements": "0.89394", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04725", "scoring_system": "epss", "scoring_elements": "0.8939", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04725", "scoring_system": "epss", "scoring_elements": "0.89406", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.04725", "scoring_system": "epss", "scoring_elements": "0.89407", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.04725", "scoring_system": "epss", "scoring_elements": "0.89405", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.04725", "scoring_system": "epss", "scoring_elements": "0.89423", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.04725", "scoring_system": "epss", "scoring_elements": "0.89427", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.04725", "scoring_system": "epss", "scoring_elements": "0.89428", "published_at": "2026-04-29T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2011-1302" }, { "reference_url": "http://secunia.com/advisories/44141", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/44141" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66768", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66768" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14737", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14737" }, { "reference_url": "http://www.securityfocus.com/bid/47377", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/47377" }, { "reference_url": "http://www.securitytracker.com/id?1025377", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1025377" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/1006", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/1006" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1302", "reference_id": "CVE-2011-1302", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1302" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1302", "reference_id": "CVE-2011-1302", "reference_type": "", "scores": [ { "value": "9.3", 
"scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:C/I:C/A:C" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1302" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-17", "reference_id": "mfsa2011-17", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2011-17" } ], "weaknesses": [ { "cwe_id": 787, "name": "Out-of-bounds Write", "description": "The product writes data past the end, or before the beginning, of the intended buffer." } ], "exploits": [], "severity_range_score": "9.0 - 10.0", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kezq-ad8j-eycq" }