Vulnerability Instance
Look up vulnerabilities affecting packages.
GET /api/vulnerabilities/63742?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63742?format=api", "vulnerability_id": "VCID-tmb8-vc5k-tbbc", "summary": "Security researcher Juho Nurminen reported a mechanism to spoof the\nURL displayed in the addressbar in reader mode by manipulating the loaded URL. This flaw\nallows for the URL displayed to be different than that the web content rendered. This\nallows for potential spoofing but the effects are mitigated due to the restrictions reader\nmode places when rendering content.", "aliases": [ { "alias": "CVE-2015-4508" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86814?format=api", "purl": "pkg:mozilla/Firefox@41.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@41.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/86808?format=api", "purl": "pkg:mozilla/SeaMonkey@2.38.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.38.0" } ], "affected_packages": [], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4508.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4508.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4508", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00697", "scoring_system": "epss", "scoring_elements": "0.72048", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00697", "scoring_system": "epss", "scoring_elements": "0.71884", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00697", "scoring_system": "epss", "scoring_elements": "0.71891", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00697", "scoring_system": "epss", "scoring_elements": "0.71911", "published_at": "2026-04-04T12:55:00Z" }, { 
"value": "0.00697", "scoring_system": "epss", "scoring_elements": "0.71882", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00697", "scoring_system": "epss", "scoring_elements": "0.71921", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00697", "scoring_system": "epss", "scoring_elements": "0.71932", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00697", "scoring_system": "epss", "scoring_elements": "0.71956", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00697", "scoring_system": "epss", "scoring_elements": "0.71939", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00697", "scoring_system": "epss", "scoring_elements": "0.71963", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00697", "scoring_system": "epss", "scoring_elements": "0.71967", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00697", "scoring_system": "epss", "scoring_elements": "0.71952", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00697", "scoring_system": "epss", "scoring_elements": "0.71996", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00697", "scoring_system": "epss", "scoring_elements": "0.72003", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00697", "scoring_system": "epss", "scoring_elements": "0.72001", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00697", "scoring_system": "epss", "scoring_elements": "0.71994", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00697", "scoring_system": "epss", "scoring_elements": "0.72027", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00697", "scoring_system": "epss", "scoring_elements": "0.72057", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00697", "scoring_system": "epss", "scoring_elements": "0.72021", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-4508" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1265624", "reference_id": "1265624", "reference_type": 
"", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1265624" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4508", "reference_id": "CVE-2015-4508", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4508" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-103", "reference_id": "mfsa2015-103", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-103" }, { "reference_url": "https://usn.ubuntu.com/2743-1/", "reference_id": "USN-2743-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2743-1/" } ], "weaknesses": [ { "cwe_id": 120, "name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "description": "The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow." } ], "exploits": [], "severity_range_score": "0.1 - 3", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tmb8-vc5k-tbbc" }