Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-c8zu-jpst-7yd4

Summary A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org and accounts.firefox.com have close ties to the Firefox product, malicious manipulation of these sites within the browser can potentially be used to modify a user's Firefox configuration. These two sites will now be isolated into their own process and not allowed to be loaded in a standard content process.

Aliases

alias	CVE-2019-11741

Fixed_packages

url	pkg:alpm/archlinux/firefox@69.0-1
purl	pkg:alpm/archlinux/firefox@69.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@69.0-1

url	pkg:deb/debian/firefox@69.0-1?distro=sid
purl	pkg:deb/debian/firefox@69.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@69.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@151.0.3-1?distro=sid
purl	pkg:deb/debian/firefox@151.0.3-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid

Affected_packages

url pkg:alpm/archlinux/firefox@68.0.2-1

purl pkg:alpm/archlinux/firefox@68.0.2-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2wxh-2zyh-1ke4

vulnerability	VCID-7skz-3xdx-qfb2

vulnerability	VCID-a7f4-e11n-nudj

vulnerability	VCID-ahyy-dnwx-hkgq

vulnerability	VCID-bcec-844m-17er

vulnerability	VCID-c8zu-jpst-7yd4

vulnerability	VCID-gus7-632r-pbe8

vulnerability	VCID-hmhw-rwg5-nkaf

vulnerability	VCID-huuy-2tmx-5qfw

vulnerability	VCID-n2q8-gxpe-z7hs

vulnerability	VCID-pdnj-utqg-bbdy

vulnerability	VCID-q8zd-91dy-x7cx

vulnerability	VCID-rkqd-sddx-dqc6

vulnerability	VCID-w5m4-671n-qkfx

vulnerability	VCID-xn4h-9ze2-3yft

vulnerability	VCID-y916-adxe-hkab

vulnerability	VCID-yr2r-ca9n-w7bw

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@68.0.2-1

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11741.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11741.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-11741

reference_id

reference_type

scores

value	0.00243
scoring_system	epss
scoring_elements	0.47785
published_at	2026-06-04T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47848
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-11741

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1748673
reference_id	1748673
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1748673

reference_url	https://security.archlinux.org/ASA-201909-2
reference_id	ASA-201909-2
reference_type
scores
url	https://security.archlinux.org/ASA-201909-2

reference_url

https://security.archlinux.org/AVG-1036

reference_id

AVG-1036

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1036

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-25

reference_id

mfsa2019-25

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-25

reference_url	https://usn.ubuntu.com/4122-1/
reference_id	USN-4122-1
reference_type
scores
url	https://usn.ubuntu.com/4122-1/

Weaknesses

cwe_id	358
name	Improperly Implemented Security Check for Standard
description	The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

Exploits

Severity_range_score 6.1 - 10.0

Exploitability 0.5

Weighted_severity 9.0

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c8zu-jpst-7yd4

Vulnerability Instance