Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-fasa-11uc-jucq
Summary
Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which may allow user-assisted execution of arbitrary code.
Aliases
0
alias CVE-2015-4495
Fixed_packages
0
url pkg:deb/debian/pdf.js@1.1.366%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/pdf.js@1.1.366%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdf.js@1.1.366%252Bdfsg-1%3Fdistro=trixie
1
url pkg:deb/debian/pdf.js@1.5.188%2Bdfsg-1
purl pkg:deb/debian/pdf.js@1.5.188%2Bdfsg-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdf.js@1.5.188%252Bdfsg-1
2
url pkg:deb/debian/pdf.js@2.6.347%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/pdf.js@2.6.347%2Bdfsg-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdf.js@2.6.347%252Bdfsg-3%3Fdistro=trixie
3
url pkg:deb/debian/pdf.js@2.14.305%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/pdf.js@2.14.305%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdf.js@2.14.305%252Bdfsg-2%3Fdistro=trixie
4
url pkg:deb/debian/pdf.js@2.14.305%2Bdfsg-4?distro=trixie
purl pkg:deb/debian/pdf.js@2.14.305%2Bdfsg-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdf.js@2.14.305%252Bdfsg-4%3Fdistro=trixie
5
url pkg:deb/debian/pdf.js@2.14.305%2Bdfsg-5?distro=trixie
purl pkg:deb/debian/pdf.js@2.14.305%2Bdfsg-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdf.js@2.14.305%252Bdfsg-5%3Fdistro=trixie
6
url pkg:ebuild/mail-client/thunderbird@38.5.0
purl pkg:ebuild/mail-client/thunderbird@38.5.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@38.5.0
7
url pkg:ebuild/mail-client/thunderbird-bin@38.5.0
purl pkg:ebuild/mail-client/thunderbird-bin@38.5.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird-bin@38.5.0
8
url pkg:ebuild/www-client/firefox@38.5.0
purl pkg:ebuild/www-client/firefox@38.5.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/firefox@38.5.0
9
url pkg:ebuild/www-client/firefox-bin@38.5.0
purl pkg:ebuild/www-client/firefox-bin@38.5.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/firefox-bin@38.5.0
10
url pkg:mozilla/Firefox@39.0.3
purl pkg:mozilla/Firefox@39.0.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@39.0.3
11
url pkg:mozilla/Firefox%20ESR@38.1.1
purl pkg:mozilla/Firefox%20ESR@38.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@38.1.1
12
url pkg:mozilla/Firefox%20OS@2.2.0
purl pkg:mozilla/Firefox%20OS@2.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520OS@2.2.0
Affected_packages
0
url pkg:deb/debian/pdf.js@1.0.473%2Bdfsg-1~bpo70%2B1
purl pkg:deb/debian/pdf.js@1.0.473%2Bdfsg-1~bpo70%2B1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fasa-11uc-jucq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdf.js@1.0.473%252Bdfsg-1~bpo70%252B1
1
url pkg:deb/debian/pdf.js@1.0.907%2Bdfsg-1
purl pkg:deb/debian/pdf.js@1.0.907%2Bdfsg-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fasa-11uc-jucq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdf.js@1.0.907%252Bdfsg-1
2
url pkg:deb/debian/pdf.js@1.0.907%2Bdfsg-1%2Bdeb8u1
purl pkg:deb/debian/pdf.js@1.0.907%2Bdfsg-1%2Bdeb8u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fasa-11uc-jucq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdf.js@1.0.907%252Bdfsg-1%252Bdeb8u1
3
url pkg:rpm/redhat/firefox@38.1.1-1?arch=ael7b_1
purl pkg:rpm/redhat/firefox@38.1.1-1?arch=ael7b_1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fasa-11uc-jucq
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@38.1.1-1%3Farch=ael7b_1
4
url pkg:rpm/redhat/firefox@38.1.1-1?arch=el5_11
purl pkg:rpm/redhat/firefox@38.1.1-1?arch=el5_11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fasa-11uc-jucq
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@38.1.1-1%3Farch=el5_11
5
url pkg:rpm/redhat/firefox@38.1.1-1?arch=el6_7
purl pkg:rpm/redhat/firefox@38.1.1-1?arch=el6_7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fasa-11uc-jucq
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@38.1.1-1%3Farch=el6_7
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4495.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4495.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-4495
reference_id
reference_type
scores
0
value 0.71568
scoring_system epss
scoring_elements 0.98723
published_at 2026-04-04T12:55:00Z
1
value 0.71568
scoring_system epss
scoring_elements 0.98719
published_at 2026-04-02T12:55:00Z
2
value 0.71568
scoring_system epss
scoring_elements 0.98731
published_at 2026-04-13T12:55:00Z
3
value 0.71568
scoring_system epss
scoring_elements 0.98718
published_at 2026-04-01T12:55:00Z
4
value 0.71568
scoring_system epss
scoring_elements 0.9873
published_at 2026-04-12T12:55:00Z
5
value 0.71568
scoring_system epss
scoring_elements 0.98727
published_at 2026-04-09T12:55:00Z
6
value 0.71568
scoring_system epss
scoring_elements 0.98733
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-4495
2
reference_url http://www.securitytracker.com/id/1033216
reference_id 1033216
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:50:43Z/
url http://www.securitytracker.com/id/1033216
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1251318
reference_id 1251318
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1251318
4
reference_url https://www.exploit-db.com/exploits/37772/
reference_id 37772
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:50:43Z/
url https://www.exploit-db.com/exploits/37772/
5
reference_url http://www.securityfocus.com/bid/76249
reference_id 76249
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:50:43Z/
url http://www.securityfocus.com/bid/76249
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4495
reference_id CVE-2015-4495
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4495
7
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/37772.js
reference_id CVE-2015-4495;OSVDB-125839
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/37772.js
8
reference_url https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/
reference_id firefox-exploit-found-in-the-wild
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:50:43Z/
url https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/
9
reference_url https://security.gentoo.org/glsa/201512-10
reference_id GLSA-201512-10
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:50:43Z/
url https://security.gentoo.org/glsa/201512-10
10
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2015-78
reference_id mfsa2015-78
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2015-78
11
reference_url http://www.mozilla.org/security/announce/2015/mfsa2015-78.html
reference_id mfsa2015-78.html
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:50:43Z/
url http://www.mozilla.org/security/announce/2015/mfsa2015-78.html
12
reference_url http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html
reference_id msg00009.html
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:50:43Z/
url http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html
13
reference_url http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html
reference_id msg00010.html
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:50:43Z/
url http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html
14
reference_url http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html
reference_id msg00014.html
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:50:43Z/
url http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html
15
reference_url http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html
reference_id msg00015.html
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:50:43Z/
url http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html
16
reference_url http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html
reference_id msg00016.html
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:50:43Z/
url http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html
17
reference_url http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
reference_id msg00021.html
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:50:43Z/
url http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
18
reference_url https://access.redhat.com/errata/RHSA-2015:1581
reference_id RHSA-2015:1581
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:1581
19
reference_url http://rhn.redhat.com/errata/RHSA-2015-1581.html
reference_id RHSA-2015-1581.html
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:50:43Z/
url http://rhn.redhat.com/errata/RHSA-2015-1581.html
20
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1178058
reference_id show_bug.cgi?id=1178058
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:50:43Z/
url https://bugzilla.mozilla.org/show_bug.cgi?id=1178058
21
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1179262
reference_id show_bug.cgi?id=1179262
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:50:43Z/
url https://bugzilla.mozilla.org/show_bug.cgi?id=1179262
22
reference_url https://usn.ubuntu.com/2707-1/
reference_id USN-2707-1
reference_type
scores
url https://usn.ubuntu.com/2707-1/
23
reference_url http://www.ubuntu.com/usn/USN-2707-1
reference_id USN-2707-1
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T12:50:43Z/
url http://www.ubuntu.com/usn/USN-2707-1
Weaknesses
Exploits
0
date_added 2015-08-15
description Mozilla Firefox < 39.03 - 'pdf.js' Same Origin Policy
required_action null
due_date null
notes null
known_ransomware_campaign_use false
source_date_published 2015-08-15
exploit_type local
platform multiple
source_date_updated 2016-10-27
data_source Exploit-DB
source_url
1
date_added null
description
This module abuses an XSS vulnerability in versions prior to Firefox 39.0.3, Firefox ESR 38.1.1, and Firefox OS 2.2 that allows arbitrary files to be stolen. The vulnerability occurs in the PDF.js component, which uses Javascript to render a PDF inside a frame with privileges to read local files. The in-the-wild malicious payloads searched for sensitive files on Windows, Linux, and OSX. Android versions are reported to be unaffected, as they do not use the Mozilla PDF viewer.
required_action null
due_date null
notes
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
known_ransomware_campaign_use false
source_date_published null
exploit_type null
platform
source_date_updated null
data_source Metasploit
source_url https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/gather/firefox_pdfjs_file_theft.rb
2
date_added 2022-05-25
description Mozilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges.
required_action Apply updates per vendor instructions.
due_date 2022-06-15
notes https://nvd.nist.gov/vuln/detail/CVE-2015-4495
known_ransomware_campaign_use false
source_date_published null
exploit_type null
platform null
source_date_updated null
data_source KEV
source_url null
Severity_range_score 8.8 - 10.0
Exploitability 2.0
Weighted_severity 9.0
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fasa-11uc-jucq