Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-jbys-r4mj-cydy

Summary

Gerry Eisenhaur reported the chrome: URI scheme
improperly allowed directory traversal that could be used to load
JavaScript, images, and stylesheets from local files in known locations.
This traversal was possible only when the browser had installed add-ons
which used "flat" packaging rather than the more popular .jar packaging,
and the attacker would need to target that specific add-on.Mozilla researcher moz_bug_r_a4 reported that this
vulnerability could be used to steal the contents of the browser's
sessionstore.js file, which contains session cookie data
and information about currently open web pages.

Aliases

alias	CVE-2008-0418

Fixed_packages

url	pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14
purl	pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird@2.0.0.14

url	pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.0.0.14
purl	pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.0.0.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/mozilla-thunderbird-bin@2.0.0.14

url	pkg:ebuild/net-libs/xulrunner@1.1.9
purl	pkg:ebuild/net-libs/xulrunner@1.1.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner@1.1.9

url	pkg:ebuild/net-libs/xulrunner@1.1.9-r1
purl	pkg:ebuild/net-libs/xulrunner@1.1.9-r1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner@1.1.9-r1

url	pkg:ebuild/net-libs/xulrunner@1.8.1.14
purl	pkg:ebuild/net-libs/xulrunner@1.8.1.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner@1.8.1.14

url	pkg:ebuild/net-libs/xulrunner@2.0.0.14
purl	pkg:ebuild/net-libs/xulrunner@2.0.0.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/net-libs/xulrunner@2.0.0.14

url	pkg:ebuild/www-client/mozilla-firefox@2.0.0.14
purl	pkg:ebuild/www-client/mozilla-firefox@2.0.0.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox@2.0.0.14

url	pkg:ebuild/www-client/mozilla-firefox-bin@2.0.0.14
purl	pkg:ebuild/www-client/mozilla-firefox-bin@2.0.0.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/mozilla-firefox-bin@2.0.0.14

url	pkg:ebuild/www-client/seamonkey@1.1.9-r1
purl	pkg:ebuild/www-client/seamonkey@1.1.9-r1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/seamonkey@1.1.9-r1

url	pkg:ebuild/www-client/seamonkey@2.0.0.14
purl	pkg:ebuild/www-client/seamonkey@2.0.0.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/seamonkey@2.0.0.14

url	pkg:ebuild/www-client/seamonkey-bin@1.1.9
purl	pkg:ebuild/www-client/seamonkey-bin@1.1.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/seamonkey-bin@1.1.9

url	pkg:ebuild/www-client/seamonkey-bin@1.1.9-r1
purl	pkg:ebuild/www-client/seamonkey-bin@1.1.9-r1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/seamonkey-bin@1.1.9-r1

url	pkg:ebuild/www-client/seamonkey-bin@2.0.0.14
purl	pkg:ebuild/www-client/seamonkey-bin@2.0.0.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/seamonkey-bin@2.0.0.14

url	pkg:mozilla/SeaMonkey@1.1.8
purl	pkg:mozilla/SeaMonkey@1.1.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.1.8

Affected_packages

url pkg:rpm/redhat/firefox@1.5.0.12-0.10?arch=el4

purl pkg:rpm/redhat/firefox@1.5.0.12-0.10?arch=el4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dyf-9tzk-1ucm

vulnerability	VCID-52n3-8f9y-uqe2

vulnerability	VCID-6bc6-xdg7-sqew

vulnerability	VCID-ftx3-d7j8-skep

vulnerability	VCID-jbys-r4mj-cydy

vulnerability	VCID-m4ge-x2x9-vyhd

vulnerability	VCID-nd9m-nqub-27a3

vulnerability	VCID-vnez-z562-73gr

vulnerability	VCID-vnfv-1da2-ekan

vulnerability	VCID-vxzf-uhr6-rycb

vulnerability	VCID-xayb-bkzz-zkfg

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@1.5.0.12-0.10%3Farch=el4

url pkg:rpm/redhat/firefox@1.5.0.12-9?arch=el5

purl pkg:rpm/redhat/firefox@1.5.0.12-9?arch=el5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dyf-9tzk-1ucm

vulnerability	VCID-52n3-8f9y-uqe2

vulnerability	VCID-6bc6-xdg7-sqew

vulnerability	VCID-ftx3-d7j8-skep

vulnerability	VCID-jbys-r4mj-cydy

vulnerability	VCID-m4ge-x2x9-vyhd

vulnerability	VCID-nd9m-nqub-27a3

vulnerability	VCID-vnez-z562-73gr

vulnerability	VCID-vnfv-1da2-ekan

vulnerability	VCID-vxzf-uhr6-rycb

vulnerability	VCID-xayb-bkzz-zkfg

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@1.5.0.12-9%3Farch=el5

url pkg:rpm/redhat/seamonkey@1.0.9-0.9?arch=el3

purl pkg:rpm/redhat/seamonkey@1.0.9-0.9?arch=el3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27wg-hjuj-bqa7

vulnerability	VCID-2dyf-9tzk-1ucm

vulnerability	VCID-52n3-8f9y-uqe2

vulnerability	VCID-6bc6-xdg7-sqew

vulnerability	VCID-ftx3-d7j8-skep

vulnerability	VCID-jbys-r4mj-cydy

vulnerability	VCID-m4ge-x2x9-vyhd

vulnerability	VCID-nd9m-nqub-27a3

vulnerability	VCID-vnez-z562-73gr

vulnerability	VCID-vnfv-1da2-ekan

vulnerability	VCID-vxzf-uhr6-rycb

vulnerability	VCID-xayb-bkzz-zkfg

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/seamonkey@1.0.9-0.9%3Farch=el3

url pkg:rpm/redhat/seamonkey@1.0.9-0.9?arch=el2

purl pkg:rpm/redhat/seamonkey@1.0.9-0.9?arch=el2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27wg-hjuj-bqa7

vulnerability	VCID-2dyf-9tzk-1ucm

vulnerability	VCID-52n3-8f9y-uqe2

vulnerability	VCID-6bc6-xdg7-sqew

vulnerability	VCID-ftx3-d7j8-skep

vulnerability	VCID-jbys-r4mj-cydy

vulnerability	VCID-m4ge-x2x9-vyhd

vulnerability	VCID-nd9m-nqub-27a3

vulnerability	VCID-vnez-z562-73gr

vulnerability	VCID-vnfv-1da2-ekan

vulnerability	VCID-vxzf-uhr6-rycb

vulnerability	VCID-xayb-bkzz-zkfg

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/seamonkey@1.0.9-0.9%3Farch=el2

url pkg:rpm/redhat/seamonkey@1.0.9-9?arch=el4

purl pkg:rpm/redhat/seamonkey@1.0.9-9?arch=el4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27wg-hjuj-bqa7

vulnerability	VCID-2dyf-9tzk-1ucm

vulnerability	VCID-52n3-8f9y-uqe2

vulnerability	VCID-6bc6-xdg7-sqew

vulnerability	VCID-ftx3-d7j8-skep

vulnerability	VCID-jbys-r4mj-cydy

vulnerability	VCID-m4ge-x2x9-vyhd

vulnerability	VCID-nd9m-nqub-27a3

vulnerability	VCID-vnez-z562-73gr

vulnerability	VCID-vnfv-1da2-ekan

vulnerability	VCID-vxzf-uhr6-rycb

vulnerability	VCID-xayb-bkzz-zkfg

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/seamonkey@1.0.9-9%3Farch=el4

url pkg:rpm/redhat/thunderbird@1.5.0.12-8?arch=el5

purl pkg:rpm/redhat/thunderbird@1.5.0.12-8?arch=el5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27wg-hjuj-bqa7

vulnerability	VCID-2dyf-9tzk-1ucm

vulnerability	VCID-6bc6-xdg7-sqew

vulnerability	VCID-ftx3-d7j8-skep

vulnerability	VCID-jbys-r4mj-cydy

vulnerability	VCID-m4ge-x2x9-vyhd

vulnerability	VCID-nd9m-nqub-27a3

vulnerability	VCID-vnez-z562-73gr

vulnerability	VCID-vnfv-1da2-ekan

vulnerability	VCID-vxzf-uhr6-rycb

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@1.5.0.12-8%3Farch=el5

url pkg:rpm/redhat/thunderbird@1.5.0.12-8?arch=el4

purl pkg:rpm/redhat/thunderbird@1.5.0.12-8?arch=el4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27wg-hjuj-bqa7

vulnerability	VCID-2dyf-9tzk-1ucm

vulnerability	VCID-6bc6-xdg7-sqew

vulnerability	VCID-ftx3-d7j8-skep

vulnerability	VCID-jbys-r4mj-cydy

vulnerability	VCID-m4ge-x2x9-vyhd

vulnerability	VCID-nd9m-nqub-27a3

vulnerability	VCID-vnez-z562-73gr

vulnerability	VCID-vnfv-1da2-ekan

vulnerability	VCID-vxzf-uhr6-rycb

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@1.5.0.12-8%3Farch=el4

References

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0418.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0418.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-0418

reference_id

reference_type

scores

value	0.38662
scoring_system	epss
scoring_elements	0.97333
published_at	2026-06-04T12:55:00Z

value	0.38662
scoring_system	epss
scoring_elements	0.97338
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-0418

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=431748
reference_id	431748
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=431748

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0418
reference_id	CVE-2008-0418
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0418

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/31051.txt
reference_id	CVE-2008-0418;OSVDB-41187
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/31051.txt

reference_url	https://www.securityfocus.com/bid/27406/info
reference_id	CVE-2008-0418;OSVDB-41187
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/27406/info

reference_url	https://security.gentoo.org/glsa/200805-18
reference_id	GLSA-200805-18
reference_type
scores
url	https://security.gentoo.org/glsa/200805-18

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2008-05

reference_id

mfsa2008-05

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2008-05

reference_url	https://access.redhat.com/errata/RHSA-2008:0103
reference_id	RHSA-2008:0103
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:0103

reference_url	https://access.redhat.com/errata/RHSA-2008:0104
reference_id	RHSA-2008:0104
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:0104

reference_url	https://access.redhat.com/errata/RHSA-2008:0105
reference_id	RHSA-2008:0105
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:0105

reference_url	https://usn.ubuntu.com/576-1/
reference_id	USN-576-1
reference_type
scores
url	https://usn.ubuntu.com/576-1/

reference_url	https://usn.ubuntu.com/582-1/
reference_id	USN-582-1
reference_type
scores
url	https://usn.ubuntu.com/582-1/

Weaknesses

Exploits

date_added	2008-01-19
description	Mozilla Firefox 2.0 - 'chrome://' URI JavaScript File Request Information Disclosure
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`true`
source_date_published	2008-01-19
exploit_type	remote
platform	linux
source_date_updated	2014-01-20
data_source	Exploit-DB
source_url	https://www.securityfocus.com/bid/27406/info

Severity_range_score 7.0 - 8.9

Exploitability 2.0

Weighted_severity 8.0

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jbys-r4mj-cydy

Vulnerability Instance