Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-jvkp-8vex-4yby

Summary When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page.

Aliases

alias	CVE-2017-7762

Fixed_packages

url	pkg:alpm/archlinux/firefox@54.0-1
purl	pkg:alpm/archlinux/firefox@54.0-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@54.0-1

url	pkg:deb/debian/firefox@150.0-1?distro=sid
purl	pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@54.0-1?distro=sid
purl	pkg:deb/debian/firefox@54.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@54.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0-1?distro=sid
purl	pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid

url	pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl	pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid

Affected_packages

url pkg:alpm/archlinux/firefox@53.0.3-1

purl pkg:alpm/archlinux/firefox@53.0.3-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4jqv-p541-tfa9

vulnerability	VCID-56jb-xrj9-dyf3

vulnerability	VCID-622g-5uav-bbgd

vulnerability	VCID-6pdh-nn19-8yc5

vulnerability	VCID-9k9g-4cxt-3faj

vulnerability	VCID-awue-n9ua-hfej

vulnerability	VCID-f7zd-nx3e-tba1

vulnerability	VCID-h63e-ngr6-zqee

vulnerability	VCID-j56s-gf2k-zqdx

vulnerability	VCID-jvkp-8vex-4yby

vulnerability	VCID-jwnz-gnjs-1uaa

vulnerability	VCID-k79j-1yvn-qfd2

vulnerability	VCID-nyn2-zf8c-67cb

vulnerability	VCID-pmwj-2v2k-nfcb

vulnerability	VCID-pww9-m9d4-euew

vulnerability	VCID-qhes-9dcx-tbb5

vulnerability	VCID-rsqj-18a5-23gd

vulnerability	VCID-sncj-cwvy-ckdf

vulnerability	VCID-xztj-hyqy-gug6

vulnerability	VCID-z3r1-zkkw-8fhq

vulnerability	VCID-z7sd-q1rk-jqa7

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@53.0.3-1

url pkg:rpm/redhat/firefox@60.1.0-4?arch=el7_5

purl pkg:rpm/redhat/firefox@60.1.0-4?arch=el7_5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-89t2-wzrw-nycq

vulnerability	VCID-a79m-8sp3-v3dh

vulnerability	VCID-adfd-zkn8-3fgd

vulnerability	VCID-bfdm-fkfv-nfch

vulnerability	VCID-csm4-qspw-83da

vulnerability	VCID-j7j8-g9du-mqfz

vulnerability	VCID-jvkp-8vex-4yby

vulnerability	VCID-sr45-86k8-8ybs

vulnerability	VCID-u23v-7afk-qben

vulnerability	VCID-ym7a-e9b5-5ygm

vulnerability	VCID-zpx3-dck3-6bfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@60.1.0-4%3Farch=el7_5

url pkg:rpm/redhat/firefox@60.1.0-5?arch=el6

purl pkg:rpm/redhat/firefox@60.1.0-5?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-89t2-wzrw-nycq

vulnerability	VCID-a79m-8sp3-v3dh

vulnerability	VCID-adfd-zkn8-3fgd

vulnerability	VCID-bfdm-fkfv-nfch

vulnerability	VCID-csm4-qspw-83da

vulnerability	VCID-j7j8-g9du-mqfz

vulnerability	VCID-jvkp-8vex-4yby

vulnerability	VCID-sr45-86k8-8ybs

vulnerability	VCID-u23v-7afk-qben

vulnerability	VCID-ym7a-e9b5-5ygm

vulnerability	VCID-zpx3-dck3-6bfy

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/firefox@60.1.0-5%3Farch=el6

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7762.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7762.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7762

reference_id

reference_type

scores

value	0.0054
scoring_system	epss
scoring_elements	0.67531
published_at	2026-04-01T12:55:00Z

value	0.0054
scoring_system	epss
scoring_elements	0.67633
published_at	2026-04-21T12:55:00Z

value	0.0054
scoring_system	epss
scoring_elements	0.67654
published_at	2026-04-18T12:55:00Z

value	0.0054
scoring_system	epss
scoring_elements	0.6764
published_at	2026-04-12T12:55:00Z

value	0.0054
scoring_system	epss
scoring_elements	0.67608
published_at	2026-04-13T12:55:00Z

value	0.0054
scoring_system	epss
scoring_elements	0.67642
published_at	2026-04-16T12:55:00Z

value	0.0054
scoring_system	epss
scoring_elements	0.67567
published_at	2026-04-07T12:55:00Z

value	0.0054
scoring_system	epss
scoring_elements	0.67589
published_at	2026-04-04T12:55:00Z

value	0.0054
scoring_system	epss
scoring_elements	0.67618
published_at	2026-04-08T12:55:00Z

value	0.0054
scoring_system	epss
scoring_elements	0.67632
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7762

reference_url	https://bugzilla.mozilla.org/show_bug.cgi?id=1358248
reference_id
reference_type
scores
url	https://bugzilla.mozilla.org/show_bug.cgi?id=1358248

reference_url	https://www.mozilla.org/security/advisories/mfsa2017-15/
reference_id
reference_type
scores
url	https://www.mozilla.org/security/advisories/mfsa2017-15/

reference_url	http://www.securityfocus.com/bid/99047
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/99047

reference_url	http://www.securitytracker.com/id/1038689
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1038689

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1590493
reference_id	1590493
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1590493

reference_url	https://security.archlinux.org/ASA-201706-19
reference_id	ASA-201706-19
reference_type
scores
url	https://security.archlinux.org/ASA-201706-19

reference_url

https://security.archlinux.org/AVG-302

reference_id

AVG-302

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-302

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
reference_id	cpe:2.3:a:mozilla:firefox::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7762

reference_id

CVE-2017-7762

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7762

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-15

reference_id

mfsa2017-15

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2017-15

reference_url	https://access.redhat.com/errata/RHSA-2018:2112
reference_id	RHSA-2018:2112
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2112

reference_url	https://access.redhat.com/errata/RHSA-2018:2113
reference_id	RHSA-2018:2113
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2113

reference_url	https://usn.ubuntu.com/3315-1/
reference_id	USN-3315-1
reference_type
scores
url	https://usn.ubuntu.com/3315-1/

Weaknesses

cwe_id	290
name	Authentication Bypass by Spoofing
description	This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

cwe_id	20
name	Improper Input Validation
description	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Exploits

Severity_range_score 5.0 - 10.0

Exploitability 0.5

Weighted_severity 9.0

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jvkp-8vex-4yby

Vulnerability Instance