Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-9h4y-xcex-1fch
SummaryWebExtension content scripts can be loaded into about: pages in some circumstances, in violation of the permissions granted to extensions. This could allow an extension to interfere with the loading and usage of these pages and use capabilities that were intended to be restricted from extensions.
Aliases
0
alias CVE-2018-18495
Fixed_packages
0
url pkg:alpm/archlinux/firefox@64.0-1
purl pkg:alpm/archlinux/firefox@64.0-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@64.0-1
1
url pkg:deb/debian/firefox@64.0-1?distro=sid
purl pkg:deb/debian/firefox@64.0-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@64.0-1%3Fdistro=sid
2
url pkg:deb/debian/firefox@149.0-1?distro=sid
purl pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid
3
url pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid
4
url pkg:deb/debian/firefox@150.0-1?distro=sid
purl pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid
Affected_packages
0
url pkg:alpm/archlinux/firefox@63.0.3-1
purl pkg:alpm/archlinux/firefox@63.0.3-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9h4y-xcex-1fch
1
vulnerability VCID-cszr-1fu2-6be5
2
vulnerability VCID-ka9x-22be-p7aw
3
vulnerability VCID-n1v6-q6wt-ebaj
4
vulnerability VCID-qvqm-n242-vyea
5
vulnerability VCID-skbg-e4em-bkaw
6
vulnerability VCID-vnmz-2agw-k3fg
7
vulnerability VCID-wzt1-wzps-kqbr
8
vulnerability VCID-yq6p-sv1g-m3bj
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@63.0.3-1
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18495.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18495.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-18495
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.55696
published_at 2026-04-01T12:55:00Z
1
value 0.00328
scoring_system epss
scoring_elements 0.55775
published_at 2026-04-24T12:55:00Z
2
value 0.00328
scoring_system epss
scoring_elements 0.55853
published_at 2026-04-12T12:55:00Z
3
value 0.00328
scoring_system epss
scoring_elements 0.55834
published_at 2026-04-13T12:55:00Z
4
value 0.00328
scoring_system epss
scoring_elements 0.55871
published_at 2026-04-16T12:55:00Z
5
value 0.00328
scoring_system epss
scoring_elements 0.55875
published_at 2026-04-18T12:55:00Z
6
value 0.00328
scoring_system epss
scoring_elements 0.55849
published_at 2026-04-21T12:55:00Z
7
value 0.00328
scoring_system epss
scoring_elements 0.55808
published_at 2026-04-02T12:55:00Z
8
value 0.00328
scoring_system epss
scoring_elements 0.5583
published_at 2026-04-04T12:55:00Z
9
value 0.00328
scoring_system epss
scoring_elements 0.5581
published_at 2026-04-07T12:55:00Z
10
value 0.00328
scoring_system epss
scoring_elements 0.55861
published_at 2026-04-08T12:55:00Z
11
value 0.00328
scoring_system epss
scoring_elements 0.55864
published_at 2026-04-09T12:55:00Z
12
value 0.00328
scoring_system epss
scoring_elements 0.55873
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-18495
2
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1427585
reference_id
reference_type
scores
url https://bugzilla.mozilla.org/show_bug.cgi?id=1427585
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://www.mozilla.org/security/advisories/mfsa2018-29/
reference_id
reference_type
scores
url https://www.mozilla.org/security/advisories/mfsa2018-29/
5
reference_url http://www.securityfocus.com/bid/106167
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/106167
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1696138
reference_id 1696138
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1696138
7
reference_url https://security.archlinux.org/ASA-201812-9
reference_id ASA-201812-9
reference_type
scores
url https://security.archlinux.org/ASA-201812-9
8
reference_url https://security.archlinux.org/AVG-833
reference_id AVG-833
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-833
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-18495
reference_id CVE-2018-18495
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:N
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2018-18495
15
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2018-29
reference_id mfsa2018-29
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2018-29
16
reference_url https://usn.ubuntu.com/3844-1/
reference_id USN-3844-1
reference_type
scores
url https://usn.ubuntu.com/3844-1/
Weaknesses
0
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
1
cwe_id 59
name Improper Link Resolution Before File Access ('Link Following')
description The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
2
cwe_id 270
name Privilege Context Switching Error
description The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.
3
cwe_id 552
name Files or Directories Accessible to External Parties
description The product makes files or directories accessible to unauthorized actors, even though they should not be.
4
cwe_id 284
name Improper Access Control
description The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
5
cwe_id 732
name Incorrect Permission Assignment for Critical Resource
description The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Exploits
Severity_range_score3.3 - 10.0
Exploitability0.5
Weighted_severity9.0
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-9h4y-xcex-1fch