Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-wzt1-wzps-kqbr
Summary Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to open privileged about: or file: locations.
Aliases
0
alias CVE-2018-18497
Fixed_packages
0
url pkg:alpm/archlinux/firefox@64.0-1
purl pkg:alpm/archlinux/firefox@64.0-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@64.0-1
1
url pkg:deb/debian/firefox@64.0-1?distro=sid
purl pkg:deb/debian/firefox@64.0-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@64.0-1%3Fdistro=sid
2
url pkg:deb/debian/firefox@149.0-1?distro=sid
purl pkg:deb/debian/firefox@149.0-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0-1%3Fdistro=sid
3
url pkg:deb/debian/firefox@149.0.2-1?distro=sid
purl pkg:deb/debian/firefox@149.0.2-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@149.0.2-1%3Fdistro=sid
4
url pkg:deb/debian/firefox@150.0-1?distro=sid
purl pkg:deb/debian/firefox@150.0-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@150.0-1%3Fdistro=sid
Affected_packages
0
url pkg:alpm/archlinux/firefox@63.0.3-1
purl pkg:alpm/archlinux/firefox@63.0.3-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9h4y-xcex-1fch
1
vulnerability VCID-cszr-1fu2-6be5
2
vulnerability VCID-ka9x-22be-p7aw
3
vulnerability VCID-n1v6-q6wt-ebaj
4
vulnerability VCID-qvqm-n242-vyea
5
vulnerability VCID-skbg-e4em-bkaw
6
vulnerability VCID-vnmz-2agw-k3fg
7
vulnerability VCID-wzt1-wzps-kqbr
8
vulnerability VCID-yq6p-sv1g-m3bj
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@63.0.3-1
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18497.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18497.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-18497
reference_id
reference_type
scores
0
value 0.00217
scoring_system epss
scoring_elements 0.44266
published_at 2026-04-01T12:55:00Z
1
value 0.00217
scoring_system epss
scoring_elements 0.44229
published_at 2026-04-24T12:55:00Z
2
value 0.00217
scoring_system epss
scoring_elements 0.4434
published_at 2026-04-12T12:55:00Z
3
value 0.00217
scoring_system epss
scoring_elements 0.44339
published_at 2026-04-13T12:55:00Z
4
value 0.00217
scoring_system epss
scoring_elements 0.44395
published_at 2026-04-16T12:55:00Z
5
value 0.00217
scoring_system epss
scoring_elements 0.44386
published_at 2026-04-18T12:55:00Z
6
value 0.00217
scoring_system epss
scoring_elements 0.44316
published_at 2026-04-21T12:55:00Z
7
value 0.00217
scoring_system epss
scoring_elements 0.44338
published_at 2026-04-02T12:55:00Z
8
value 0.00217
scoring_system epss
scoring_elements 0.4436
published_at 2026-04-04T12:55:00Z
9
value 0.00217
scoring_system epss
scoring_elements 0.44297
published_at 2026-04-07T12:55:00Z
10
value 0.00217
scoring_system epss
scoring_elements 0.44349
published_at 2026-04-08T12:55:00Z
11
value 0.00217
scoring_system epss
scoring_elements 0.44354
published_at 2026-04-09T12:55:00Z
12
value 0.00217
scoring_system epss
scoring_elements 0.44372
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-18497
2
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1488180
reference_id
reference_type
scores
url https://bugzilla.mozilla.org/show_bug.cgi?id=1488180
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://www.mozilla.org/security/advisories/mfsa2018-29/
reference_id
reference_type
scores
url https://www.mozilla.org/security/advisories/mfsa2018-29/
5
reference_url http://www.securityfocus.com/bid/106167
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/106167
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1696112
reference_id 1696112
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1696112
7
reference_url https://security.archlinux.org/ASA-201812-9
reference_id ASA-201812-9
reference_type
scores
url https://security.archlinux.org/ASA-201812-9
8
reference_url https://security.archlinux.org/AVG-833
reference_id AVG-833
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-833
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-18497
reference_id CVE-2018-18497
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:N
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2018-18497
15
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2018-29
reference_id mfsa2018-29
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2018-29
16
reference_url https://usn.ubuntu.com/3844-1/
reference_id USN-3844-1
reference_type
scores
url https://usn.ubuntu.com/3844-1/
Weaknesses
0
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
1
cwe_id 59
name Improper Link Resolution Before File Access ('Link Following')
description The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
2
cwe_id 270
name Privilege Context Switching Error
description The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.
3
cwe_id 552
name Files or Directories Accessible to External Parties
description The product makes files or directories accessible to unauthorized actors, even though they should not be.
Exploits
Severity_range_score 3.3 - 10.0
Exploitability 0.5
Weighted_severity 9.0
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wzt1-wzps-kqbr