Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-c11z-6f9c-3bb5

Summary A mechanism to spoof the addressbar through the user interaction on the addressbar and the onblur event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar.

Aliases

alias	CVE-2017-5451

Fixed_packages

url	pkg:alpm/archlinux/firefox@53.0-1
purl	pkg:alpm/archlinux/firefox@53.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0-1

url	pkg:deb/debian/firefox@52.0.1-1?distro=sid
purl	pkg:deb/debian/firefox@52.0.1-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@52.0.1-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

Affected_packages

url pkg:alpm/archlinux/firefox@52.0.2-1

purl pkg:alpm/archlinux/firefox@52.0.2-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1asm-t31q-w3ef

vulnerability	VCID-23bx-as83-e3bv

vulnerability	VCID-2j7g-g6dj-qydb

vulnerability	VCID-3315-b7du-kydm

vulnerability	VCID-3ega-m6fz-uugy

vulnerability	VCID-4n3b-syg9-ykh9

vulnerability	VCID-54vr-pby9-ffg7

vulnerability	VCID-6a5y-dwev-93be

vulnerability	VCID-6p3q-f7f6-mygv

vulnerability	VCID-6sun-2gu6-jqh7

vulnerability	VCID-77xw-dvy5-5uch

vulnerability	VCID-79kw-syxy-n7a1

vulnerability	VCID-8frm-8p43-pyh8

vulnerability	VCID-8wgm-j522-4yac

vulnerability	VCID-c11z-6f9c-3bb5

vulnerability	VCID-dsuj-fmtr-cbft

vulnerability	VCID-e43t-3b7n-c3bj

vulnerability	VCID-f5dh-8kx7-vbfq

vulnerability	VCID-f9dc-n2bd-gqdt

vulnerability	VCID-h2zq-ubdu-sqc8

vulnerability	VCID-hq7v-u57f-5uhc

vulnerability	VCID-hthe-t85x-13gz

vulnerability	VCID-jzb7-dve8-jygb

vulnerability	VCID-kxvg-qw8v-vydv

vulnerability	VCID-pp4w-2986-nqee

vulnerability	VCID-q72b-g1hz-23fs

vulnerability	VCID-q83t-h55y-eyhv

vulnerability	VCID-ru7n-21qs-eyfx

vulnerability	VCID-rwnr-ngz9-akg1

vulnerability	VCID-x4gg-h5q9-ufbc

vulnerability	VCID-y2dd-vp7y-5ka1

vulnerability	VCID-yaew-dtry-pkfv

vulnerability	VCID-z4hp-wpp1-17bu

vulnerability	VCID-zr38-6kvs-ckdh

vulnerability	VCID-zyxf-mxw2-4yc1

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@52.0.2-1

url pkg:rpm/redhat/firefox@52.1.0-2?arch=el7_3

purl pkg:rpm/redhat/firefox@52.1.0-2?arch=el7_3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1asm-t31q-w3ef

vulnerability	VCID-23bx-as83-e3bv

vulnerability	VCID-2j7g-g6dj-qydb

vulnerability	VCID-2t1r-58sq-3uaf

vulnerability	VCID-3315-b7du-kydm

vulnerability	VCID-3ega-m6fz-uugy

vulnerability	VCID-4n3b-syg9-ykh9

vulnerability	VCID-54vr-pby9-ffg7

vulnerability	VCID-6p3q-f7f6-mygv

vulnerability	VCID-6sun-2gu6-jqh7

vulnerability	VCID-77xw-dvy5-5uch

vulnerability	VCID-79kw-syxy-n7a1

vulnerability	VCID-8frm-8p43-pyh8

vulnerability	VCID-8wgm-j522-4yac

vulnerability	VCID-c11z-6f9c-3bb5

vulnerability	VCID-dsuj-fmtr-cbft

vulnerability	VCID-e43t-3b7n-c3bj

vulnerability	VCID-f5dh-8kx7-vbfq

vulnerability	VCID-f9dc-n2bd-gqdt

vulnerability	VCID-h2zq-ubdu-sqc8

vulnerability	VCID-hq7v-u57f-5uhc

vulnerability	VCID-hthe-t85x-13gz

vulnerability	VCID-jzb7-dve8-jygb

vulnerability	VCID-pp4w-2986-nqee

vulnerability	VCID-q72b-g1hz-23fs

vulnerability	VCID-ru7n-21qs-eyfx

vulnerability	VCID-tt4e-ufku-2yek

vulnerability	VCID-wwx8-enxs-subd

vulnerability	VCID-y2dd-vp7y-5ka1

vulnerability	VCID-yaew-dtry-pkfv

vulnerability	VCID-z4hp-wpp1-17bu

vulnerability	VCID-zr38-6kvs-ckdh

vulnerability	VCID-zyxf-mxw2-4yc1

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@52.1.0-2%3Farch=el7_3

url pkg:rpm/redhat/thunderbird@52.1.0-1?arch=el7_3

purl pkg:rpm/redhat/thunderbird@52.1.0-1?arch=el7_3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23bx-as83-e3bv

vulnerability	VCID-2j7g-g6dj-qydb

vulnerability	VCID-2t1r-58sq-3uaf

vulnerability	VCID-3ega-m6fz-uugy

vulnerability	VCID-4n3b-syg9-ykh9

vulnerability	VCID-54vr-pby9-ffg7

vulnerability	VCID-6sun-2gu6-jqh7

vulnerability	VCID-77xw-dvy5-5uch

vulnerability	VCID-79kw-syxy-n7a1

vulnerability	VCID-8frm-8p43-pyh8

vulnerability	VCID-8wgm-j522-4yac

vulnerability	VCID-c11z-6f9c-3bb5

vulnerability	VCID-dsuj-fmtr-cbft

vulnerability	VCID-e43t-3b7n-c3bj

vulnerability	VCID-f5dh-8kx7-vbfq

vulnerability	VCID-f9dc-n2bd-gqdt

vulnerability	VCID-h2zq-ubdu-sqc8

vulnerability	VCID-hthe-t85x-13gz

vulnerability	VCID-jzb7-dve8-jygb

vulnerability	VCID-pp4w-2986-nqee

vulnerability	VCID-q72b-g1hz-23fs

vulnerability	VCID-ru7n-21qs-eyfx

vulnerability	VCID-tt4e-ufku-2yek

vulnerability	VCID-wwx8-enxs-subd

vulnerability	VCID-y2dd-vp7y-5ka1

vulnerability	VCID-yaew-dtry-pkfv

vulnerability	VCID-z4hp-wpp1-17bu

vulnerability	VCID-zr38-6kvs-ckdh

vulnerability	VCID-zyxf-mxw2-4yc1

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@52.1.0-1%3Farch=el7_3

url pkg:rpm/redhat/thunderbird@52.1.0-1?arch=el6_9

purl pkg:rpm/redhat/thunderbird@52.1.0-1?arch=el6_9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-23bx-as83-e3bv

vulnerability	VCID-2j7g-g6dj-qydb

vulnerability	VCID-2t1r-58sq-3uaf

vulnerability	VCID-3ega-m6fz-uugy

vulnerability	VCID-4n3b-syg9-ykh9

vulnerability	VCID-54vr-pby9-ffg7

vulnerability	VCID-6sun-2gu6-jqh7

vulnerability	VCID-77xw-dvy5-5uch

vulnerability	VCID-79kw-syxy-n7a1

vulnerability	VCID-8frm-8p43-pyh8

vulnerability	VCID-8wgm-j522-4yac

vulnerability	VCID-c11z-6f9c-3bb5

vulnerability	VCID-dsuj-fmtr-cbft

vulnerability	VCID-e43t-3b7n-c3bj

vulnerability	VCID-f5dh-8kx7-vbfq

vulnerability	VCID-f9dc-n2bd-gqdt

vulnerability	VCID-h2zq-ubdu-sqc8

vulnerability	VCID-hthe-t85x-13gz

vulnerability	VCID-jzb7-dve8-jygb

vulnerability	VCID-pp4w-2986-nqee

vulnerability	VCID-q72b-g1hz-23fs

vulnerability	VCID-ru7n-21qs-eyfx

vulnerability	VCID-tt4e-ufku-2yek

vulnerability	VCID-wwx8-enxs-subd

vulnerability	VCID-y2dd-vp7y-5ka1

vulnerability	VCID-yaew-dtry-pkfv

vulnerability	VCID-z4hp-wpp1-17bu

vulnerability	VCID-zr38-6kvs-ckdh

vulnerability	VCID-zyxf-mxw2-4yc1

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/thunderbird@52.1.0-1%3Farch=el6_9

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5451.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5451.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5451

reference_id

reference_type

scores

value	0.00551
scoring_system	epss
scoring_elements	0.68032
published_at	2026-04-18T12:55:00Z

value	0.00551
scoring_system	epss
scoring_elements	0.67942
published_at	2026-04-07T12:55:00Z

value	0.00551
scoring_system	epss
scoring_elements	0.67993
published_at	2026-04-08T12:55:00Z

value	0.00551
scoring_system	epss
scoring_elements	0.68007
published_at	2026-04-09T12:55:00Z

value	0.00551
scoring_system	epss
scoring_elements	0.6803
published_at	2026-04-11T12:55:00Z

value	0.00551
scoring_system	epss
scoring_elements	0.68016
published_at	2026-04-12T12:55:00Z

value	0.00551
scoring_system	epss
scoring_elements	0.67982
published_at	2026-04-13T12:55:00Z

value	0.00551
scoring_system	epss
scoring_elements	0.68019
published_at	2026-04-16T12:55:00Z

value	0.00551
scoring_system	epss
scoring_elements	0.67922
published_at	2026-04-01T12:55:00Z

value	0.00551
scoring_system	epss
scoring_elements	0.67944
published_at	2026-04-02T12:55:00Z

value	0.00551
scoring_system	epss
scoring_elements	0.67963
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5451

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1273537
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1273537

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-10/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-10/

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-12/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-12/

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-13/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-13/

reference_url	http://www.securityfocus.com/bid/97940
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/97940

reference_url	http://www.securitytracker.com/id/1038320
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1038320

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1443340
reference_id	1443340
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1443340

reference_url	https://security.archlinux.org/ASA-201704-6
reference_id	ASA-201704-6
reference_type
scores
url	https://security.archlinux.org/ASA-201704-6

reference_url

https://security.archlinux.org/AVG-249

reference_id

AVG-249

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-249

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
reference_id	cpe:2.3:a:mozilla:thunderbird::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5451

reference_id

CVE-2017-5451

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5451

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-10

reference_id

mfsa2017-10

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-10

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-12

reference_id

mfsa2017-12

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-12

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-13

reference_id

mfsa2017-13

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-13

reference_url	https://access.redhat.com/errata/RHSA-2017:1106
reference_id	RHSA-2017:1106
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1106

reference_url	https://access.redhat.com/errata/RHSA-2017:1201
reference_id	RHSA-2017:1201
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1201

reference_url	https://usn.ubuntu.com/3260-1/
reference_id	USN-3260-1
reference_type
scores
url	https://usn.ubuntu.com/3260-1/

reference_url	https://usn.ubuntu.com/3278-1/
reference_id	USN-3278-1
reference_type
scores
url	https://usn.ubuntu.com/3278-1/

Weaknesses

cwe_id	20
name	Improper Input Validation
description	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Exploits

Severity_range_score 4.3 - 10.0

Exploitability 0.5

Weighted_severity 9.0

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c11z-6f9c-3bb5

Vulnerability Instance