Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/63719?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63719?format=api", "vulnerability_id": "VCID-hf9p-ajjz-k3ft", "summary": "Security researcher Jordi Chancel reported that on Firefox for\nAndroid, when a URL is pasted with an unknown protocol, such as secure: or\nhttpz:, the pasted URL is shown in the addressbar but no navigation occurs.\nOther addressbar attributes present before this pasted URL is entered will continue to be\nrendered. This could lead to potential spoofing by a malicious site. \n This issue only affects Firefox for Android and does not affect Firefox on\nOS X, Linux, or Windows operating systems.", "aliases": [ { "alias": "CVE-2015-4476" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86814?format=api", "purl": "pkg:mozilla/Firefox@41.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@41.0.0" } ], "affected_packages": [], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4476.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4476.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4476", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65272", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65111", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65161", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65186", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65152", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65202", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65214", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65233", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.6522", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65192", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65227", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65237", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65219", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65234", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65247", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65245", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65225", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4476" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1265603", "reference_id": "1265603", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1265603" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4476", "reference_id": "CVE-2015-4476", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4476" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-99", "reference_id": "mfsa2015-99", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-99" } ], "weaknesses": [ { "cwe_id": 20, "name": "Improper Input Validation", "description": "The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hf9p-ajjz-k3ft" }