Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-yuz9-ee71-u7fa
Summary
Security researcher Gregory Fleischer reported
that local resources loaded via the file: protocol can
access any domain's cookies which have been saved on a user's machine.
Fleischer demonstrated that a local document's domain was being
calculated incorrectly from its URL.  If a victim could be persuaded
to download a malicious file and then open that file in their browser,
the malicious file could then steal arbitrary cookies from the
victim's computer.  Due to the interaction required for this attack,
the severity of the issue was determined to be moderate.
Aliases
0
alias CVE-2009-1835
Fixed_packages
0
url pkg:mozilla/Firefox@3.0.11
purl pkg:mozilla/Firefox@3.0.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.11
1
url pkg:mozilla/SeaMonkey@1.1.17
purl pkg:mozilla/SeaMonkey@1.1.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.1.17
Affected_packages
References
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1835
reference_id CVE-2009-1835
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1835
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2009-26
reference_id mfsa2009-26
reference_type
scores
0
value none
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2009-26
Weaknesses
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-yuz9-ee71-u7fa