Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-e43t-3b7n-c3bj

Summary A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system.

Aliases

alias	CVE-2017-5454

Fixed_packages

url	pkg:alpm/archlinux/firefox@53.0-1
purl	pkg:alpm/archlinux/firefox@53.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1

url	pkg:deb/debian/firefox@52.0.1-1?distro=sid
purl	pkg:deb/debian/firefox@52.0.1-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@52.0.1-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

Affected_packages

url pkg:alpm/archlinux/firefox@52.0.2-1

purl pkg:alpm/archlinux/firefox@52.0.2-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1asm-t31q-w3ef

vulnerability	VCID-23bx-as83-e3bv

vulnerability	VCID-2j7g-g6dj-qydb

vulnerability	VCID-3315-b7du-kydm

vulnerability	VCID-3ega-m6fz-uugy

vulnerability	VCID-4n3b-syg9-ykh9

vulnerability	VCID-54vr-pby9-ffg7

vulnerability	VCID-6a5y-dwev-93be

vulnerability	VCID-6p3q-f7f6-mygv

vulnerability	VCID-6sun-2gu6-jqh7

vulnerability	VCID-77xw-dvy5-5uch

vulnerability	VCID-79kw-syxy-n7a1

vulnerability	VCID-8frm-8p43-pyh8

vulnerability	VCID-8wgm-j522-4yac

vulnerability	VCID-c11z-6f9c-3bb5

vulnerability	VCID-dsuj-fmtr-cbft

vulnerability	VCID-e43t-3b7n-c3bj

vulnerability	VCID-f5dh-8kx7-vbfq

vulnerability	VCID-f9dc-n2bd-gqdt

vulnerability	VCID-h2zq-ubdu-sqc8

vulnerability	VCID-hq7v-u57f-5uhc

vulnerability	VCID-hthe-t85x-13gz

vulnerability	VCID-jzb7-dve8-jygb

vulnerability	VCID-kxvg-qw8v-vydv

vulnerability	VCID-pp4w-2986-nqee

vulnerability	VCID-q72b-g1hz-23fs

vulnerability	VCID-q83t-h55y-eyhv

vulnerability	VCID-ru7n-21qs-eyfx

vulnerability	VCID-rwnr-ngz9-akg1

vulnerability	VCID-x4gg-h5q9-ufbc

vulnerability	VCID-y2dd-vp7y-5ka1

vulnerability	VCID-yaew-dtry-pkfv

vulnerability	VCID-z4hp-wpp1-17bu

vulnerability	VCID-zr38-6kvs-ckdh

vulnerability	VCID-zyxf-mxw2-4yc1

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0.2-1

url pkg:rpm/redhat/firefox@52.1.0-2?arch=el7_3

purl pkg:rpm/redhat/firefox@52.1.0-2?arch=el7_3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1asm-t31q-w3ef

vulnerability	VCID-23bx-as83-e3bv

vulnerability	VCID-2j7g-g6dj-qydb

vulnerability	VCID-2t1r-58sq-3uaf

vulnerability	VCID-3315-b7du-kydm

vulnerability	VCID-3ega-m6fz-uugy

vulnerability	VCID-4n3b-syg9-ykh9

vulnerability	VCID-54vr-pby9-ffg7

vulnerability	VCID-6p3q-f7f6-mygv

vulnerability	VCID-6sun-2gu6-jqh7

vulnerability	VCID-77xw-dvy5-5uch

vulnerability	VCID-79kw-syxy-n7a1

vulnerability	VCID-8frm-8p43-pyh8

vulnerability	VCID-8wgm-j522-4yac

vulnerability	VCID-c11z-6f9c-3bb5

vulnerability	VCID-dsuj-fmtr-cbft

vulnerability	VCID-e43t-3b7n-c3bj

vulnerability	VCID-f5dh-8kx7-vbfq

vulnerability	VCID-f9dc-n2bd-gqdt

vulnerability	VCID-h2zq-ubdu-sqc8

vulnerability	VCID-hq7v-u57f-5uhc

vulnerability	VCID-hthe-t85x-13gz

vulnerability	VCID-jzb7-dve8-jygb

vulnerability	VCID-pp4w-2986-nqee

vulnerability	VCID-q72b-g1hz-23fs

vulnerability	VCID-ru7n-21qs-eyfx

vulnerability	VCID-tt4e-ufku-2yek

vulnerability	VCID-wwx8-enxs-subd

vulnerability	VCID-y2dd-vp7y-5ka1

vulnerability	VCID-yaew-dtry-pkfv

vulnerability	VCID-z4hp-wpp1-17bu

vulnerability	VCID-zr38-6kvs-ckdh

vulnerability	VCID-zyxf-mxw2-4yc1

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@52.1.0-2%3Farch=el7_3

url pkg:rpm/redhat/thunderbird@52.1.0-1?arch=el6_9

purl pkg:rpm/redhat/thunderbird@52.1.0-1?arch=el6_9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23bx-as83-e3bv

vulnerability	VCID-2j7g-g6dj-qydb

vulnerability	VCID-2t1r-58sq-3uaf

vulnerability	VCID-3ega-m6fz-uugy

vulnerability	VCID-4n3b-syg9-ykh9

vulnerability	VCID-54vr-pby9-ffg7

vulnerability	VCID-6sun-2gu6-jqh7

vulnerability	VCID-77xw-dvy5-5uch

vulnerability	VCID-79kw-syxy-n7a1

vulnerability	VCID-8frm-8p43-pyh8

vulnerability	VCID-8wgm-j522-4yac

vulnerability	VCID-c11z-6f9c-3bb5

vulnerability	VCID-dsuj-fmtr-cbft

vulnerability	VCID-e43t-3b7n-c3bj

vulnerability	VCID-f5dh-8kx7-vbfq

vulnerability	VCID-f9dc-n2bd-gqdt

vulnerability	VCID-h2zq-ubdu-sqc8

vulnerability	VCID-hthe-t85x-13gz

vulnerability	VCID-jzb7-dve8-jygb

vulnerability	VCID-pp4w-2986-nqee

vulnerability	VCID-q72b-g1hz-23fs

vulnerability	VCID-ru7n-21qs-eyfx

vulnerability	VCID-tt4e-ufku-2yek

vulnerability	VCID-wwx8-enxs-subd

vulnerability	VCID-y2dd-vp7y-5ka1

vulnerability	VCID-yaew-dtry-pkfv

vulnerability	VCID-z4hp-wpp1-17bu

vulnerability	VCID-zr38-6kvs-ckdh

vulnerability	VCID-zyxf-mxw2-4yc1

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@52.1.0-1%3Farch=el6_9

url pkg:rpm/redhat/thunderbird@52.1.0-1?arch=el7_3

purl pkg:rpm/redhat/thunderbird@52.1.0-1?arch=el7_3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23bx-as83-e3bv

vulnerability	VCID-2j7g-g6dj-qydb

vulnerability	VCID-2t1r-58sq-3uaf

vulnerability	VCID-3ega-m6fz-uugy

vulnerability	VCID-4n3b-syg9-ykh9

vulnerability	VCID-54vr-pby9-ffg7

vulnerability	VCID-6sun-2gu6-jqh7

vulnerability	VCID-77xw-dvy5-5uch

vulnerability	VCID-79kw-syxy-n7a1

vulnerability	VCID-8frm-8p43-pyh8

vulnerability	VCID-8wgm-j522-4yac

vulnerability	VCID-c11z-6f9c-3bb5

vulnerability	VCID-dsuj-fmtr-cbft

vulnerability	VCID-e43t-3b7n-c3bj

vulnerability	VCID-f5dh-8kx7-vbfq

vulnerability	VCID-f9dc-n2bd-gqdt

vulnerability	VCID-h2zq-ubdu-sqc8

vulnerability	VCID-hthe-t85x-13gz

vulnerability	VCID-jzb7-dve8-jygb

vulnerability	VCID-pp4w-2986-nqee

vulnerability	VCID-q72b-g1hz-23fs

vulnerability	VCID-ru7n-21qs-eyfx

vulnerability	VCID-tt4e-ufku-2yek

vulnerability	VCID-wwx8-enxs-subd

vulnerability	VCID-y2dd-vp7y-5ka1

vulnerability	VCID-yaew-dtry-pkfv

vulnerability	VCID-z4hp-wpp1-17bu

vulnerability	VCID-zr38-6kvs-ckdh

vulnerability	VCID-zyxf-mxw2-4yc1

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@52.1.0-1%3Farch=el7_3

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5454.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5454.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5454

reference_id

reference_type

scores

value	0.00533
scoring_system	epss
scoring_elements	0.67393
published_at	2026-04-16T12:55:00Z

value	0.00533
scoring_system	epss
scoring_elements	0.67343
published_at	2026-04-04T12:55:00Z

value	0.00533
scoring_system	epss
scoring_elements	0.67321
published_at	2026-04-07T12:55:00Z

value	0.00533
scoring_system	epss
scoring_elements	0.67372
published_at	2026-04-08T12:55:00Z

value	0.00533
scoring_system	epss
scoring_elements	0.67385
published_at	2026-04-09T12:55:00Z

value	0.00533
scoring_system	epss
scoring_elements	0.67406
published_at	2026-04-11T12:55:00Z

value	0.00533
scoring_system	epss
scoring_elements	0.67394
published_at	2026-04-12T12:55:00Z

value	0.00533
scoring_system	epss
scoring_elements	0.67358
published_at	2026-04-13T12:55:00Z

value	0.00533
scoring_system	epss
scoring_elements	0.67283
published_at	2026-04-01T12:55:00Z

value	0.00533
scoring_system	epss
scoring_elements	0.6732
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5454

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1349276
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1349276

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:P/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-10/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-10/

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-12/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-12/

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-13/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-13/

reference_url	http://www.securityfocus.com/bid/97940
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/97940

reference_url	http://www.securitytracker.com/id/1038320
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1038320

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1443338
reference_id	1443338
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1443338

reference_url	https://security.archlinux.org/ASA-201704-6
reference_id	ASA-201704-6
reference_type
scores
url	https://security.archlinux.org/ASA-201704-6

reference_url

https://security.archlinux.org/AVG-249

reference_id

AVG-249

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-249

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5454

reference_id

CVE-2017-5454

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5454

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-10

reference_id

mfsa2017-10

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-10

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-12

reference_id

mfsa2017-12

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-12

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-13

reference_id

mfsa2017-13

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-13

reference_url	https://access.redhat.com/errata/RHSA-2017:1106
reference_id	RHSA-2017:1106
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1106

reference_url	https://access.redhat.com/errata/RHSA-2017:1201
reference_id	RHSA-2017:1201
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1201

reference_url	https://usn.ubuntu.com/3260-1/
reference_id	USN-3260-1
reference_type
scores
url	https://usn.ubuntu.com/3260-1/

reference_url	https://usn.ubuntu.com/3278-1/
reference_id	USN-3278-1
reference_type
scores
url	https://usn.ubuntu.com/3278-1/

Weaknesses

cwe_id	200
name	Exposure of Sensitive Information to an Unauthorized Actor
description	The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Exploits

Severity_range_score 3.5 - 10.0

Exploitability 0.5

Weighted_severity 9.0

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e43t-3b7n-c3bj

Vulnerability Instance