Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:mozilla/Firefox%20ESR@31.6.0
Typemozilla
Namespace
NameFirefox ESR
Version31.6.0
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version31.7.0
Latest_non_vulnerable_version140.11.0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-n7m2-cbnx-bygy
vulnerability_id VCID-n7m2-cbnx-bygy
summary 
Mozilla developer Olli Pettay reported that while
investigating Mozilla
Foundation Security Advisory 2015-28, he and Mozilla developer Boris
Zbarsky found an alternate way to trigger a similar vulnerability. The
previously reported flaw used an issue with SVG content navigation to bypass
same-origin policy protections to run scripts in a privileged context. This
newer variant found that the same flaw could be used during anchor navigation of
a page, allowing bypassing of same-origin policy protections. 
In general this flaw cannot be exploited through email in the
Thunderbird product because scripting is disabled, but is potentially a risk in
browser or browser-like contexts.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0801
reference_id CVE-2015-0801
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0801
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2015-40
reference_id mfsa2015-40
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2015-40
fixed_packages
0
url pkg:mozilla/Firefox%20ESR@31.6.0
purl pkg:mozilla/Firefox%20ESR@31.6.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@31.6.0
aliases CVE-2015-0801
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n7m2-cbnx-bygy
1
url VCID-nj18-p9nk-9ffg
vulnerability_id VCID-nj18-p9nk-9ffg
summary 
Security researcher Mariusz Mlynski reported, through HP
Zero Day Initiative's Pwn2Own contest, that documents loaded though a
resource: URL, such as Mozilla's PDF.js PDF file
viewer, were able to subsequently load privileged chrome pages. The privilege
restrictions on resource: URLs was handled incorrectly and these
restrictions could be bypassed if this flaw was combined with a separate
vulnerability allowing for same-origin policy violation, it could be used to run
arbitrary code.
In general this flaw cannot be exploited through email in the
Thunderbird product because scripting is disabled, but is potentially a risk in
browser or browser-like contexts.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0816
reference_id CVE-2015-0816
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0816
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2015-33
reference_id mfsa2015-33
reference_type
scores
0
value none
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2015-33
fixed_packages
0
url pkg:mozilla/Firefox%20ESR@31.6.0
purl pkg:mozilla/Firefox%20ESR@31.6.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@31.6.0
aliases CVE-2015-0816
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nj18-p9nk-9ffg
2
url VCID-r59n-k84q-ebab
vulnerability_id VCID-r59n-k84q-ebab
summary 
Mozilla developers and community identified and fixed several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based products.
Some of these bugs showed evidence of memory corruption under certain
circumstances, and we presume that with enough effort at least some of these
could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the
Thunderbird product because scripting is disabled, but are potentially a risk in
browser or browser-like contexts.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0815
reference_id CVE-2015-0815
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0815
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2015-30
reference_id mfsa2015-30
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2015-30
fixed_packages
0
url pkg:mozilla/Firefox%20ESR@31.6.0
purl pkg:mozilla/Firefox%20ESR@31.6.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@31.6.0
aliases CVE-2015-0815
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r59n-k84q-ebab
3
url VCID-svaq-kp6k-r7hx
vulnerability_id VCID-svaq-kp6k-r7hx
summary 
Mozilla developer Christoph Kerschbaumer discovered an issue
while investigating Mozilla
Foundation Security Advisory 2015-03, previously reported by security
researcher Muneaki Nishimura. This flaw was that a cross-origin
resource sharing (CORS) request should not follow 30x redirections after
preflight according to the specification. This only affects
sendBeacon() requests but could allow for a potential Cross-site
request forgery (XSRF) attack from malicious websites. 
In general this flaw cannot be exploited through email in the
Thunderbird product because scripting is disabled, but is potentially a risk in
browser or browser-like contexts.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0807
reference_id CVE-2015-0807
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0807
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2015-37
reference_id mfsa2015-37
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2015-37
fixed_packages
0
url pkg:mozilla/Firefox%20ESR@31.6.0
purl pkg:mozilla/Firefox%20ESR@31.6.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@31.6.0
aliases CVE-2015-0807
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-svaq-kp6k-r7hx
4
url VCID-tb5c-absx-ckbz
vulnerability_id VCID-tb5c-absx-ckbz
summary 
Security researcher Aki Helin reported a use-after-free when
playing certain MP3 format audio files on the web using the Fluendo MP3 plugin
for GStreamer on Linux. This is due to a flaw in handling certain MP3 files by
the plugin and its interaction with Mozilla code. This can lead to a potentially
exploitable crash.
This flaw only affects Linux installations. Windows and OS X
users are unaffected by it.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0813
reference_id CVE-2015-0813
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0813
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2015-31
reference_id mfsa2015-31
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2015-31
fixed_packages
0
url pkg:mozilla/Firefox%20ESR@31.6.0
purl pkg:mozilla/Firefox%20ESR@31.6.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@31.6.0
aliases CVE-2015-0813
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tb5c-absx-ckbz
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@31.6.0