Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-89h9-tev5-23cu

Summary

Mozilla engineer Matt Wobensmith reported that Content Security Policy
(CSP) does not block the loading of cross-domain Java applets when specified by policy.
This is because the Java applet is loaded by the Java plugin, which then mediates all
network requests without checking against CSP. This could allow a malicious site to
manipulate content through a Java applet to bypass CSP protections, allowing for possible
cross-site scripting (XSS) attacks.

Aliases

alias	CVE-2016-2833

Fixed_packages

url	pkg:mozilla/Firefox@47.0.0
purl	pkg:mozilla/Firefox@47.0.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@47.0.0

Affected_packages

References

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2833
reference_id	CVE-2016-2833
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2833

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-60

reference_id

mfsa2016-60

reference_type

scores

value	none
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-60

Weaknesses

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-89h9-tev5-23cu

Vulnerability Instance