Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-49rf-24dt-vydg
Summary
moz_bug_r_a4 discovered that .valueOf.call() and .valueOf.apply()
when called with no arguments were returning the Object class
prototype rather than the caller's global window object. When
called on a reachable property of another window this provides
a hook to get around the same-origin protection, allowing an
attacker to inject script into another window.Cross-site script injection can be used to steal confidential
data such as cookies or passwords, or perform actions on
the user's behalf. It can also be used to alter the content
of the other window which could be used to fool a user
into trusting bogus information or downloaded content.Thunderbird shares the JavaScript engine with Firefox
and could be vulnerable if JavaScript were to be enabled in mail. This is not
the default setting and we strongly discourage users from running
JavaScript in mail.
Aliases
0
alias CVE-2006-1731
Fixed_packages
0
url pkg:mozilla/Firefox@1.0.8
purl pkg:mozilla/Firefox@1.0.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.0.8
1
url pkg:mozilla/Firefox@1.5.0
purl pkg:mozilla/Firefox@1.5.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@1.5.0
2
url pkg:mozilla/Mozilla%20Suite@1.7.13
purl pkg:mozilla/Mozilla%20Suite@1.7.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Mozilla%2520Suite@1.7.13
3
url pkg:mozilla/SeaMonkey@1.0.0
purl pkg:mozilla/SeaMonkey@1.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.0
4
url pkg:mozilla/Thunderbird@1.0.8
purl pkg:mozilla/Thunderbird@1.0.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@1.0.8
5
url pkg:mozilla/Thunderbird@1.5.0
purl pkg:mozilla/Thunderbird@1.5.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@1.5.0
Affected_packages
References
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1731
reference_id CVE-2006-1731
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1731
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2006-19
reference_id mfsa2006-19
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2006-19
Weaknesses
Exploits
Severity_range_score7.0 - 8.9
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-49rf-24dt-vydg