Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-3z7f-gy4g-m7fy
Summary
Mozilla developer Bobby Holley reported that Document Object
Model (DOM) objects with some specific properties can bypass XrayWrappers. This
can allow web content to confuse privileged code, potentially enabling privilege
escalation.
Update for February 12, 2015: Security researcher Joe Vennix of Rapid7 also reported another issue caused by this same problem. He discovered that setting a prototype to a proxy object could allow web content to open privileged window with the chrome property, allowing for escalation of privilege.
Aliases
0
alias CVE-2014-8636
Fixed_packages
0
url pkg:mozilla/Firefox@35.0.0
purl pkg:mozilla/Firefox@35.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@35.0.0
1
url pkg:mozilla/SeaMonkey@2.32.0
purl pkg:mozilla/SeaMonkey@2.32.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.32.0
Affected_packages
References
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8636
reference_id CVE-2014-8636
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8636
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2015-09
reference_id mfsa2015-09
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2015-09
Weaknesses
Exploits
Severity_range_score9.0 - 10.0
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-3z7f-gy4g-m7fy