Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/63745?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63745?format=api", "vulnerability_id": "VCID-15ft-jxfa-pkgc", "summary": "Mozilla developer Daniel Stenberg reported that the DNS\nresolver in Firefox for Android uses an insufficiently random algorithm when\ngenerating random numbers for the unique identifier. This was derived from an\nold version of the Bionic libc library and suffered from\ninsufficient randomness in the pseudo-random number generator (PRNG) as described by Roee\nHay and Roi Saltzman.\nThis leaves Firefox on Android potentially vulnerable to DNS poisoning\nattacks because an attacker may be able to predict the identifier used, allowing\nfor the spoofing of web sites and cookie theft.\nThis flaw did not affect desktop versions of Mozilla products\nand only Firefox for Android was affected.", "aliases": [ { "alias": "CVE-2015-0800" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86817?format=api", "purl": "pkg:mozilla/Firefox@37.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@37.0.0" } ], "affected_packages": [], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0800", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63989", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63742", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63804", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.6383", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63788", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63839", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63856", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63869", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63822", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63857", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63866", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63855", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63872", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63884", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63882", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63853", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63897", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63944", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63911", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.63938", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0800", "reference_id": "CVE-2015-0800", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0800" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-41", "reference_id": "mfsa2015-41", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-41" } ], "weaknesses": [], "exploits": [], "severity_range_score": "0.1 - 3", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-15ft-jxfa-pkgc" }