Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-x7gc-qnmk-ebfk
Summary
Security researchers Adam Barth and Collin
Jackson reported that when a file: resource is
loaded via the location bar it inherits the principal of the
previously loaded document.  This vulnerability can potentially give
the newly loaded document additional privileges to access the contents
of other local files that it wouldn't otherwise have permission to read.
A potential victim would first have to have downloaded the attackers
document to their local machine. Then the victim would have to open another
document in a directory of interest to the attacker before opening the
attacker's file in the same window.
Prior to version 3.0, Firefox (like browsers from other
vendors) treated all local files as having the same origin without
restriction. This vulnerability is a partial bypass of the restrictions
implemented in Firefox 3.0
Aliases
0
alias CVE-2009-1839
Fixed_packages
0
url pkg:mozilla/Firefox@3.0.11
purl pkg:mozilla/Firefox@3.0.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.11
Affected_packages
References
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1839
reference_id CVE-2009-1839
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1839
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2009-30
reference_id mfsa2009-30
reference_type
scores
0
value none
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2009-30
Weaknesses
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-x7gc-qnmk-ebfk