Lookup for vulnerable packages by Package URL.

Purl pkg:mozilla/Firefox%20ESR@17.0.7
Type mozilla
Namespace
Name Firefox ESR
Version 17.0.7
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 17.0.8
Latest_non_vulnerable_version 140.11.0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-3ekz-3akk-63er
vulnerability_id VCID-3ekz-3akk-63er
summary
Security researcher Abhishek Arya (Inferno) of the Google
Chrome Security Team used the Address Sanitizer tool to discover a series of
use-after-free problems rated critical as security issues in shipped software.
Some of these issues are potentially exploitable, allowing for remote code
execution. We would also like to thank Abhishek for reporting additional
use-after-free and buffer overflow flaws in code introduced during Firefox
development. These were fixed before general release.
In general these flaws cannot be exploited through email in the
Thunderbird and SeaMonkey products because scripting is disabled, but are
potentially a risk in browser or browser-like contexts in those products.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1684
reference_id CVE-2013-1684
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1684
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2013-50
reference_id mfsa2013-50
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2013-50
fixed_packages
0
url pkg:mozilla/Firefox%20ESR@17.0.7
purl pkg:mozilla/Firefox%20ESR@17.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.7
aliases CVE-2013-1684
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ekz-3akk-63er
1
url VCID-848r-yzgr-gqhs
vulnerability_id VCID-848r-yzgr-gqhs
summary
Security researcher Johnathan Kuskos reported that Firefox
is sending data in the body of XMLHttpRequest (XHR) HEAD requests, which goes
against the XHR specification. This can potentially be used for Cross-Site
Request Forgery (CSRF) attacks against sites which do not distinguish
between HEAD and POST requests.
In general these flaws cannot be exploited through email in the
Thunderbird and SeaMonkey products because scripting is disabled, but are
potentially a risk in browser or browser-like contexts in those products.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1692
reference_id CVE-2013-1692
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1692
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2013-54
reference_id mfsa2013-54
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2013-54
fixed_packages
0
url pkg:mozilla/Firefox%20ESR@17.0.7
purl pkg:mozilla/Firefox%20ESR@17.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.7
aliases CVE-2013-1692
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-848r-yzgr-gqhs
2
url VCID-93bk-58d7-qfdf
vulnerability_id VCID-93bk-58d7-qfdf
summary
Mozilla developer Boris Zbarsky found that when
PreserveWrapper was used in cases where a wrapper is not set, the
preserved-wrapper flag on the wrapper cache is cleared. This could
potentially lead to an exploitable crash.
In general these flaws cannot be exploited through email in the
Thunderbird and SeaMonkey products because scripting is disabled, but are
potentially a risk in browser or browser-like contexts in those products.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1694
reference_id CVE-2013-1694
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1694
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2013-56
reference_id mfsa2013-56
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2013-56
fixed_packages
0
url pkg:mozilla/Firefox%20ESR@17.0.7
purl pkg:mozilla/Firefox%20ESR@17.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.7
aliases CVE-2013-1694
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-93bk-58d7-qfdf
3
url VCID-cvzy-dfhj-nkcy
vulnerability_id VCID-cvzy-dfhj-nkcy
summary
Mozilla security researcher moz_bug_r_a4 reported that
XrayWrappers can be bypassed to call content-defined toString and valueOf
methods through DefaultValue. This can lead to unexpected behavior when
privileged code acts on the incorrect values.
In general these flaws cannot be exploited through email in the
Thunderbird and SeaMonkey products because scripting is disabled, but are
potentially a risk in browser or browser-like contexts in those products.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1697
reference_id CVE-2013-1697
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1697
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2013-59
reference_id mfsa2013-59
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2013-59
fixed_packages
0
url pkg:mozilla/Firefox%20ESR@17.0.7
purl pkg:mozilla/Firefox%20ESR@17.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.7
aliases CVE-2013-1697
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cvzy-dfhj-nkcy
4
url VCID-jgqx-8ras-4bgn
vulnerability_id VCID-jgqx-8ras-4bgn
summary
Security researcher Paul Stone of Context Information Security discovered
that timing differences in the processing of SVG format images with filters
could allow for pixel values to be read. This could potentially allow for text
values to be read across domains, leading to information disclosure.
In general these flaws cannot be exploited through email in the
Thunderbird and SeaMonkey products because scripting is disabled, but are
potentially a risk in browser or browser-like contexts in those products.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1693
reference_id CVE-2013-1693
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1693
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2013-55
reference_id mfsa2013-55
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2013-55
fixed_packages
0
url pkg:mozilla/Firefox%20ESR@17.0.7
purl pkg:mozilla/Firefox%20ESR@17.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.7
aliases CVE-2013-1693
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jgqx-8ras-4bgn
5
url VCID-q1jy-unjg-uffh
vulnerability_id VCID-q1jy-unjg-uffh
summary
Security researcher Nils reported that specially crafted web
content using the onreadystatechange event and reloading of pages
could sometimes cause a crash when unmapped memory is executed. This crash is
potentially exploitable.
In general these flaws cannot be exploited through email in the
Thunderbird and SeaMonkey products because scripting is disabled, but are
potentially a risk in browser or browser-like contexts in those products.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1690
reference_id CVE-2013-1690
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1690
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2013-53
reference_id mfsa2013-53
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2013-53
fixed_packages
0
url pkg:mozilla/Firefox%20ESR@17.0.7
purl pkg:mozilla/Firefox%20ESR@17.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.7
aliases CVE-2013-1690
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q1jy-unjg-uffh
6
url VCID-utce-na5h-5kdn
vulnerability_id VCID-utce-na5h-5kdn
summary
Security researcher Mariusz Mlynski reported that it is
possible to compile a user-defined function in the XBL scope of a specific
element and then trigger an event within this scope to run code. In some
circumstances, when this code is run, it can access content protected by System
Only Wrappers (SOW) and chrome-privileged pages. This could potentially lead to
arbitrary code execution. Additionally, Chrome Object Wrappers (COW) can be
bypassed by web content to access privileged methods, leading to a cross-site
scripting (XSS) attack from privileged pages.
In general these flaws cannot be exploited through email in the
Thunderbird and SeaMonkey products because scripting is disabled, but are
potentially a risk in browser or browser-like contexts in those products.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1687
reference_id CVE-2013-1687
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1687
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2013-51
reference_id mfsa2013-51
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2013-51
fixed_packages
0
url pkg:mozilla/Firefox%20ESR@17.0.7
purl pkg:mozilla/Firefox%20ESR@17.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.7
aliases CVE-2013-1687
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-utce-na5h-5kdn
7
url VCID-uvdw-u8g4-6kgp
vulnerability_id VCID-uvdw-u8g4-6kgp
summary
Mozilla developers identified and fixed several memory safety bugs in the
browser engine used in Firefox and other Mozilla-based products. Some of these
bugs showed evidence of memory corruption under certain circumstances, and we
presume that with enough effort at least some of these could be exploited to run
arbitrary code.
In general these flaws cannot be exploited through email in the
Thunderbird product because scripting is disabled, but are
potentially a risk in browser or browser-like contexts.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1682
reference_id CVE-2013-1682
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1682
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2013-49
reference_id mfsa2013-49
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2013-49
fixed_packages
0
url pkg:mozilla/Firefox%20ESR@17.0.7
purl pkg:mozilla/Firefox%20ESR@17.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.7
aliases CVE-2013-1682
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uvdw-u8g4-6kgp
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@17.0.7