Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-qu3v-meay-f3dh
SummaryAndroid apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking.
Aliases
0
alias CVE-2025-1939
Fixed_packages
0
url pkg:deb/debian/firefox@150.0-1?distro=sid
purl pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid
1
url pkg:deb/debian/firefox@0?distro=sid
purl pkg:deb/debian/firefox@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@0%3Fdistro=sid
2
url pkg:deb/debian/firefox@149.0-1?distro=sid
purl pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid
3
url pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid
Affected_packages
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1939.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1939.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-1939
reference_id
reference_type
scores
0
value 0.00024
scoring_system epss
scoring_elements 0.06551
published_at 2026-04-02T12:55:00Z
1
value 0.00024
scoring_system epss
scoring_elements 0.06588
published_at 2026-04-04T12:55:00Z
2
value 0.00024
scoring_system epss
scoring_elements 0.06665
published_at 2026-04-09T12:55:00Z
3
value 0.00024
scoring_system epss
scoring_elements 0.06622
published_at 2026-04-08T12:55:00Z
4
value 0.00024
scoring_system epss
scoring_elements 0.06572
published_at 2026-04-07T12:55:00Z
5
value 0.00024
scoring_system epss
scoring_elements 0.06658
published_at 2026-04-11T12:55:00Z
6
value 0.00131
scoring_system epss
scoring_elements 0.32585
published_at 2026-04-21T12:55:00Z
7
value 0.00131
scoring_system epss
scoring_elements 0.32627
published_at 2026-04-12T12:55:00Z
8
value 0.00131
scoring_system epss
scoring_elements 0.32599
published_at 2026-04-13T12:55:00Z
9
value 0.00131
scoring_system epss
scoring_elements 0.32637
published_at 2026-04-16T12:55:00Z
10
value 0.00131
scoring_system epss
scoring_elements 0.32615
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-1939
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2349798
reference_id 2349798
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2349798
3
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2025-14
reference_id mfsa2025-14
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2025-14
4
reference_url https://www.mozilla.org/security/advisories/mfsa2025-14/
reference_id mfsa2025-14
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T16:11:36Z/
url https://www.mozilla.org/security/advisories/mfsa2025-14/
5
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1928334
reference_id show_bug.cgi?id=1928334
reference_type
scores
0
value 3.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-04T16:11:36Z/
url https://bugzilla.mozilla.org/show_bug.cgi?id=1928334
Weaknesses
0
cwe_id 1021
name Improper Restriction of Rendered UI Layers or Frames
description The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.
Exploits
Severity_range_score3.9 - 8.9
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-qu3v-meay-f3dh