Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-54xd-e1tz-myck

Summary

Mozilla security researcher moz_bug_r_a4 reported
that when content script which is running in a chrome context accesses
a content object via SJOW, the content code can gain access to an
object from the chrome scope and use that object to run arbitrary
JavaScript with chrome privileges.Firefox 3.5 and other Mozilla products built from
Gecko 1.9.1 were not affected by this issue.

Aliases

alias	CVE-2010-1215

Fixed_packages

url	pkg:mozilla/Firefox@3.6.7
purl	pkg:mozilla/Firefox@3.6.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.7

url	pkg:mozilla/Thunderbird@3.1.1
purl	pkg:mozilla/Thunderbird@3.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@3.1.1

Affected_packages

References

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1215
reference_id	CVE-2010-1215
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1215

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2010-38

reference_id

mfsa2010-38

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2010-38

Weaknesses

Exploits

Severity_range_score 9.0 - 10.0

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-54xd-e1tz-myck

Vulnerability Instance