Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-by67-ztwk-8kh3
Summary
Mozilla security researcher moz_bug_r_a4 reported that
a form input control's type could be changed during the restoration of a
closed tab. An attacker could set an input control's text value to the
path of a local file whose location was known to the attacker. If the tab
was then closed and the victim persuaded to re-open it, upon restoring the
tab the attacker could use this vulnerability to change the input type to
file. Scripts in the page could then automatically submit
the form and steal the contents of the user's local file.
Aliases
0
alias CVE-2009-0355
Fixed_packages
0
url pkg:mozilla/Firefox@3.0.6
purl pkg:mozilla/Firefox@3.0.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.6
Affected_packages
References
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0355
reference_id CVE-2009-0355
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0355
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2009-03
reference_id mfsa2009-03
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2009-03
Weaknesses
Exploits
Severity_range_score7.0 - 8.9
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-by67-ztwk-8kh3