Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-42et-b37x-v7dy
Summary
Mozilla developer Blake Kaplan reported
that setTimeout, when called with certain object
parameters which should be protected with
a XPCNativeWrapper, will fail to keep the object wrapped
when compiling the new function to be executed.  If chrome privileged
code were to call setTimeout using this as
an argument, the this object will lose its wrapper and
could be unsafely accessed by chrome code.  An attacker could use such
vulnerable code to run arbitrary JavaScript with chrome
privileges.
Aliases
0
alias CVE-2009-2471
Fixed_packages
0
url pkg:mozilla/Firefox@3.0.12
purl pkg:mozilla/Firefox@3.0.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.12
1
url pkg:mozilla/Firefox@3.5.0
purl pkg:mozilla/Firefox@3.5.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.0
Affected_packages
References
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2471
reference_id CVE-2009-2471
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2471
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2009-39
reference_id mfsa2009-39
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2009-39
Weaknesses
Exploits
Severity_range_score9.0 - 10.0
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-42et-b37x-v7dy